[rsyslog] Use precision timestamps
Alexander Elbs
alex at segv.de
Wed Jul 15 11:20:30 CEST 2009
Hi,
when using syslog(3) an application can send log messages via /dev/log to rsyslog
and then to e.g. a file.
If I enable high precision timestamps in rsyslog, the log messages have a more
precise timestamp. However, there is some delay between the application
generating a log message and rsyslog adding the timestamp. So why settle for
less? :)
(Well, it is a distributed application, i.e. several processes and computers. So
to debug interactions between the parts, the correct ordering and timing is very
important to me.)
I wrote some code that opens /dev/log itself and sends the new format
directly. This works very nicely and I get the timestamps I want.
Example code:
--------------
#!/usr/bin/python
import socket
# /dev/log is the Unix datagram socket the local syslog daemon listens on
log = socket.socket( socket.AF_UNIX, socket.SOCK_DGRAM )
log.connect( "/dev/log" )
# <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP [SD-ID]s SP MSG
# PRI: 23 (==local7) * 8 + 4 (==warning) = 188
# bytes literal: socket.send() requires bytes on Python 3
log.send( b"<188>1 2009-07-15T09:45:12.463435Z mycomputer TEST_CLIENT 12345 SOME_PACKAGE This is a test message" )
log.close()
--------------
However, I have a few questions:
- Is there some library code I could use that accepts high precision
timestamps? Some kind of successor to syslog(3).
- Is there a recommended way to detect if the syslog daemon will accept the new
format? Currently this could mean checking if rsyslogd is listening on
/dev/log or someone else. Otherwise the logging code needs to fall back to
the old format that is understood by any syslog daemon (and use only second
resolution).
Kind regards
Alexander Elbs
--
Alexander Elbs *** eMail alex at segv.de
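
Added example, not part of the original post and not rsyslog project code: a sender that builds both the new format with a microsecond timestamp taken by the application and the old second-resolution format used as the fallback, and that strips spaces and control characters from header fields so a value cannot shift or forge fields. The function names, the `-` nil value for structured data (RFC 5424) and the operator-set `new_format` switch are assumptions of this example; it does not detect which daemon is listening.

```python
import os
import socket
from datetime import datetime, timezone

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def pri(facility, severity):
    """PRI as computed in the post: facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23, severity 0-7")
    return facility * 8 + severity

def clean_field(value, max_len):
    """Keep printable ASCII without spaces so a value cannot shift or forge
    header fields; an empty result becomes the RFC 5424 nil value '-'."""
    kept = "".join(c for c in str(value) if 33 <= ord(c) <= 126)
    return kept[:max_len] or "-"

def format_rfc5424(when, host, app, procid, msgid, msg, facility=23, severity=4):
    """New format: sender-side UTC timestamp with microseconds, no structured data."""
    ts = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    head = "<%d>1 %s %s %s %s %s -" % (
        pri(facility, severity), ts, clean_field(host, 255),
        clean_field(app, 48), clean_field(procid, 128), clean_field(msgid, 32))
    return (head + " " + msg).encode("utf-8")

def format_legacy(when, app, procid, msg, facility=23, severity=4):
    """Old format: second resolution, no year or zone; fields of `when` are
    used as given (by convention the sender's local time)."""
    ts = "%s %2d %02d:%02d:%02d" % (
        MONTHS[when.month - 1], when.day, when.hour, when.minute, when.second)
    tag = "%s[%s]" % (clean_field(app, 32), clean_field(procid, 16))
    return ("<%d>%s %s: %s" % (pri(facility, severity), ts, tag, msg)).encode("utf-8")

def send(payload, path="/dev/log"):
    """Send one datagram to the local syslog socket."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.connect(path)
        s.send(payload)

if __name__ == "__main__" and os.path.exists("/dev/log"):
    new_format = True  # assumption: chosen by the operator, not auto-detected
    now = datetime.now(timezone.utc)
    if new_format:
        payload = format_rfc5424(now, socket.gethostname(), "TEST_CLIENT",
                                 os.getpid(), "SOME_PACKAGE", "test message")
    else:
        payload = format_legacy(now.astimezone(), "TEST_CLIENT", os.getpid(), "test message")
    send(payload)
```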