By default, rsyslog uses traditional timestamp, which in date command's format would be:
%b %d %H:%M:%S
This is enabled by the following line in /etc/rsyslog.conf:
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
To enable high precision timestamping, comment out the line:
# $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
which will make rsyslog timestamping in the RFC 3339 format.
global(
workDirectory="/var/spool/rsyslog"
)
# Load the imfile module to read logs from a file
module(load="imtcp" MaxSessions="500")
input(type="imtcp" port="514")
template(name="probe-request" type="list" option.jsonf="on") {
property(outname="@timestamp" name="timereported" dateFormat="rfc3339" format="jsonf")
property(outname="host" name="hostname" format="jsonf")
property(outname="sourceaddress" name="msg" regex.type="ERE" regex.submatch="1" regex.expression="SA:([^[:space:]]*)" regex.nomatchmode="BLANK" format="jsonf")
property(outname="signal" name="msg" field.number="10" field.delimiter="32" format="jsonf" onEmpty="null")
property(outname="wifi" name="msg" regex.type="ERE" regex.submatch="1" regex.expression="Probe Request \\((.*?)\\)" regex.nomatchmode="BLANK" format="jsonf")
}
template(name="roamed" type="list" option.jsonf="on") {
property(outname="@timestamp" name="timereported" dateFormat="rfc3339" format="jsonf")
property(outname="host" name="hostname" format="jsonf")
property(outname="sourceaddress" name="msg" field.number="18" field.delimiter="32" format="jsonf" onEmpty="null")
property(outname="signal" name="msg" field.number="10" field.delimiter="32" format="jsonf" onEmpty="null")
property(outname="wifi" name="msg" field.number="21" field.delimiter="32" format="jsonf")
}
# Send logs with the specified tag to the console
if $msg contains 'Probe Request (' then {
action(type="omfile" file="/var/log/syslogs/unifi-probe.log" template="probe-request")
}
if $msg contains 'roamed' then {
action(type="omfile" file="/var/log/syslogs/unifi-roamed.log" template="roamed")
}
If you haven't yet learned a tool to set up a virtual environment, I
highly recommend it. All Python programmers should learn one. I
recommend venv or virtualenv to beginners. To install venv, run:
sudo apt install python3-venv
Then create a virtual environment in your project directory like this:
python3 -m venv .venv
Now activate your virtual environment by running:
source .venv/bin/activate
This modifies your PATH environment variable to include .venv/bin/. Now you can install PyPI packages using pip into your virtual envirnoment (in this case .venv/), like this:
pip install requests
If you don't want to activate and deactivate virtual environments, you can run pip and python directly from the virtual environment, like this:
$ .venv/bin/pip install requests
$ .venv/bin/python
>>> import requests
>>> https://stackoverflow.com/questions/75608323/how-do-i-solve-error-externally-managed-environment-every-time-i-use-pip-3