Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

LP #1642376: Audit Log Creates Unparsable Date String

Description

**Reported in Launchpad by Matthew B last update 20-12-2016 06:03:23

The audit log currently produces time stamps like this: 2016-11-15T12:12:34 UTC

This is not a recognized standard for ISO8601. (https://en.wikipedia.org/wiki/ISO_8601#UTC)

– QUOTE
If the time is in UTC, add a Z directly after the time without a space. Z is the zone designator for the zero UTC offset. "09:30 UTC" is therefore represented as "09:30Z" or "0930Z". "14:45:15 UTC" would be "14:45:15Z" or "144515Z".
– END

Please consider the following patch to correct this:

diff --git a/audit_log.c b/audit_log.c
index 39078fa..4c3224d 100644
— a/audit_log.c
+++ b/audit_log.c
@@ -134,7 +134,7 @@ char *make_timestamp(char *buf, size_t buf_len, time_t t)
struct tm tm;

memset(&tm, 0, sizeof(tm));

  • strftime(buf, buf_len, "%FT%T UTC", gmtime_r(&t, &tm));
    + strftime(buf, buf_len, "%FT%TZ", gmtime_r(&t, &tm));


return buf;
}

Environment

None

Smart Checklist

Activity

Show:

Kenny Gryp February 21, 2018 at 4:24 AM

lpjirasync January 22, 2018 at 2:01 PM

**Comment from Launchpad by: Matthew B on: 19-12-2016 22:14:36

The system that parses these logs, Logstash / Elasticsearch, complains that the timestamp provided in the JSON string does not conform to any established RFCs and therefor drops the audit record completely.

lpjirasync January 22, 2018 at 2:01 PM

**Comment from Launchpad by: Sveta Smirnova on: 19-12-2016 21:57:38

Since simply changing timestamp format may break existent applications I believe this should be implemented as an option.

If we believe going standard is right way to fix Audit plugin such change should be done only in the next major version.

Duplicate

Details

Assignee

Reporter

Labels

Priority

Smart Checklist

Created January 22, 2018 at 2:00 PM
Updated February 21, 2018 at 5:05 AM
Resolved February 21, 2018 at 5:05 AM