Monday, November 18, 2024

Rsyslog with high resolution timestamp

 

By default, rsyslog uses the traditional timestamp, which in the date command's format would be:

%b %d %H:%M:%S

This is enabled by the following line in /etc/rsyslog.conf:

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat 

To enable high precision timestamping, comment out the line:

# $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat 

which makes rsyslog write timestamps in the RFC 3339 format.
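What the change means when correlating logs, as an added example that is not part of the original post: a Python parser that accepts both timestamp formats and normalizes them to UTC. The sample lines and the assumed_year and assumed_tz parameters are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# "Nov 18 09:15:02 host ..."  (%b %d %H:%M:%S; the day is space-padded)
TRADITIONAL = re.compile(r"^([A-Z][a-z]{2}) {1,2}(\d{1,2}) (\d{2}:\d{2}:\d{2}) ")
# "2024-11-18T09:15:02.481923+01:00 host ..."
RFC3339 = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(\.\d{1,6})?(Z|[+-]\d{2}:\d{2}) ")

# Constructed sample lines (not taken from a real device).
SAMPLES = [
    "Nov 18 09:15:02 ap01 app: constructed event A",
    "2024-11-18T09:15:02.481923+01:00 ap01 app: constructed event B",
    "2024-11-18T09:15:02.481107+01:00 ap01 app: constructed event C",
]


def parse_line(line, assumed_year, assumed_tz=timezone.utc):
    """Return (format_name, timestamp as an aware UTC datetime)."""
    m = RFC3339.match(line)
    if m:
        base, frac, offset = m.groups()
        frac = (frac or ".0")[1:].ljust(6, "0")      # pad to microseconds
        offset = "+00:00" if offset == "Z" else offset
        ts = datetime.strptime(f"{base}.{frac}{offset}",
                               "%Y-%m-%dT%H:%M:%S.%f%z")
        return "rfc3339", ts.astimezone(timezone.utc)
    m = TRADITIONAL.match(line)
    if m:
        # The line carries no year, zone or sub-second part: the caller has
        # to supply year and zone (assumptions), and ordering of events
        # inside the same second cannot be recovered.
        mon, day, clock = m.groups()
        ts = datetime.strptime(f"{assumed_year} {mon} {day} {clock}",
                               "%Y %b %d %H:%M:%S")
        return "traditional", ts.replace(tzinfo=assumed_tz).astimezone(timezone.utc)
    raise ValueError(f"unrecognized timestamp: {line[:32]!r}")


def order_events(lines, assumed_year):
    """Sort lines by parsed UTC time; ties keep input order (stable sort)."""
    return sorted(lines, key=lambda l: parse_line(l, assumed_year)[1])


if __name__ == "__main__":
    for line in order_events(SAMPLES, assumed_year=2024):
        print(parse_line(line, 2024), line)
```

Events B and C fall in the same second and are only orderable because of the fractional part; event A lands an hour away from them if the guessed zone for the traditional line is wrong.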

rsyslog

global(
  workDirectory="/var/spool/rsyslog"
)

# Load the imtcp module to receive logs over TCP
module(load="imtcp" MaxSessions="500")
input(type="imtcp" port="514")

template(name="probe-request" type="list" option.jsonf="on") {
         property(outname="@timestamp" name="timereported" dateFormat="rfc3339" format="jsonf")
         property(outname="host" name="hostname" format="jsonf")
         property(outname="sourceaddress" name="msg" regex.type="ERE" regex.submatch="1" regex.expression="SA:([^[:space:]]*)" regex.nomatchmode="BLANK" format="jsonf")
         property(outname="signal" name="msg" field.number="10" field.delimiter="32" format="jsonf" onEmpty="null")
         property(outname="wifi" name="msg" regex.type="ERE" regex.submatch="1" regex.expression="Probe Request \\(([^)]*)\\)" regex.nomatchmode="BLANK" format="jsonf")
}

template(name="roamed" type="list" option.jsonf="on") {
         property(outname="@timestamp" name="timereported" dateFormat="rfc3339" format="jsonf")
         property(outname="host" name="hostname" format="jsonf")
         property(outname="sourceaddress" name="msg" field.number="18" field.delimiter="32" format="jsonf" onEmpty="null")
         property(outname="signal" name="msg" field.number="10" field.delimiter="32" format="jsonf" onEmpty="null")
         property(outname="wifi" name="msg" field.number="21" field.delimiter="32" format="jsonf")
}


# Write messages matching each pattern to their own log file, formatted with the corresponding JSON template
if $msg contains 'Probe Request (' then {
        action(type="omfile" file="/var/log/syslogs/unifi-probe.log" template="probe-request")
}

if $msg contains 'roamed' then {
        action(type="omfile" file="/var/log/syslogs/unifi-roamed.log" template="roamed")
}

Use pip in a virtual environment

 

If you haven't yet learned a tool to set up a virtual environment, I highly recommend it. All Python programmers should learn one. I recommend venv or virtualenv to beginners. To install venv, run:

sudo apt install python3-venv

Then create a virtual environment in your project directory like this:

 python3 -m venv .venv

Now activate your virtual environment by running:

 source .venv/bin/activate

This modifies your PATH environment variable to include .venv/bin/. Now you can install PyPI packages using pip into your virtual environment (in this case .venv/), like this:

pip install requests

If you don't want to activate and deactivate virtual environments, you can run pip and python directly from the virtual environment, like this:

$ .venv/bin/pip install requests
$ .venv/bin/python
>>> import requests
>>> 
 
 https://stackoverflow.com/questions/75608323/how-do-i-solve-error-externally-managed-environment-every-time-i-use-pip-3