Describe the bug
The default timestamp format used by rsyslog changed in Debian Bookworm, from the "traditional" BSD format into RFC 3339 (a subset of ISO8601, methinks).
NAV's logengine is unable to parse these timestamps, and will put all incoming log messages in the parsing error table. The only symptom appears to be that incoming log messages from Cisco equipment can no longer be viewed by regular log searches in the syslog analyzer UI.
Old format
Jan 5 13:54:43
New format
2026-01-05T13:54:43.262668+01:00
Workarounds
Until fixed in NAV, this can be worked around by forcing rsyslogd to keep using the traditional timestamp format. This is achieved by adding the following line in the ### GLOBAL DIRECTIVES ### section of /etc/rsyslogd.conf:
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
Expected behavior
logengine should be able to parse the new timestamp format.
Environment (please complete the following information):
- NAV version installed: NAV 5.16.0
Additional context
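The following is an added example, not code from NAV or from the original report: a minimal sketch of a line parser that accepts both the traditional BSD timestamp and the RFC 3339 timestamp shown above, so that neither format ends up in a parse-error table and out of reach of log searches. The function name `split_timestamp`, the `now` parameter, and the sample log lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Constructed sample lines (hypothetical host and message), one per format
SAMPLE_OLD = "Jan  5 13:54:43 host.example.org 42: %SYS-5-CONFIG_I: Configured from console"
SAMPLE_NEW = "2026-01-05T13:54:43.262668+01:00 host.example.org 42: %SYS-5-CONFIG_I: Configured from console"

# Traditional BSD syslog timestamp: "Jan  5 13:54:43" (no year, no zone)
BSD_RE = re.compile(r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) "
                    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})(?= |$)")
# RFC 3339 timestamp: date, "T", time, optional fraction, "Z" or numeric offset
RFC3339_RE = re.compile(
    r"^(?P<Y>\d{4})-(?P<M>\d{2})-(?P<D>\d{2})[Tt]"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})(?:\.(?P<frac>\d+))?"
    r"(?P<tz>[Zz]|[+-]\d{2}:\d{2})(?= |$)")


def split_timestamp(line, now=None):
    """Return (datetime, rest_of_line); raise ValueError if no format matches."""
    now = now or datetime.now()
    m = RFC3339_RE.match(line)
    if m:
        micro = int((m["frac"] or "0")[:6].ljust(6, "0"))  # normalize to microseconds
        tz = m["tz"]
        if tz in "Zz":
            offset = timezone.utc
        else:
            sign = -1 if tz[0] == "-" else 1
            offset = timezone(sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[4:6])))
        ts = datetime(int(m["Y"]), int(m["M"]), int(m["D"]), int(m["h"]),
                      int(m["m"]), int(m["s"]), micro, tzinfo=offset)
        return ts, line[m.end():].lstrip()
    m = BSD_RE.match(line)
    if m and m["mon"] in MONTHS:
        ts = datetime(now.year, MONTHS[m["mon"]], int(m["day"]),
                      int(m["h"]), int(m["m"]), int(m["s"]))
        # The BSD format carries no year: a date well in the future is last year's
        if ts - now > timedelta(days=1):
            ts = ts.replace(year=now.year - 1)
        return ts, line[m.end():].lstrip()
    raise ValueError("unrecognized timestamp: %r" % line[:40])
```

The RFC 3339 branch returns a timezone-aware `datetime`, while the BSD branch can only return a naive one, so a caller storing both in one column has to decide which zone the naive values are in.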