poshsecurity / Posh-SYSLOG

Send SYSLOG messages from PowerShell
http://poshsecurity.com
MIT License
92 stars 19 forks

RFC5424 timestamp #20

Closed dmoroney closed 5 years ago

dmoroney commented 5 years ago

Applying an alternative -Timestamp (Get-Date).ToString("yyyy-MM-ddThh:mm:ss.fffzzz") with less fractional-seconds precision has no effect. The syslog message is always timestamped with seconds at 6-digit precision:

<33>1 2019-01-01T00:12:34.567890-6:00 hostname appname procid msgid - This is a test message
kjacobsen commented 5 years ago

Hi,

That is correct. The -Timestamp parameter accepts a DateTime object, not a string object. PowerShell is probably casting the string you are sending back to the object, where it is then cast according to the RFC.

What exactly are you trying to do?

Sent with GitHawk

dmoroney commented 5 years ago

# HH (24-hour clock) instead of hh: with hh the hour is ambiguous after noon
function Get-TimeStamp() { return [DateTime](Get-Date -Format "yyyy-MM-ddTHH:mm:ss.fffzzz") }

Send-SyslogMessage -Server $syslogger -ApplicationName "test_app" -Timestamp (Get-TimeStamp) `
    -Facility $facility -Severity $severity -Message $message

kjacobsen commented 5 years ago

Hi,

Thanks for sharing that.

Why are you trying to override the RFC defined precision? Send-SyslogMessage follows the RFC when sending the Date/Time format.

Sent with GitHawk

dmoroney commented 5 years ago

That's great that Send-SyslogMessage complies with the defined RFC precision. How about being able to change the format as needed? That appears to be what including -Timestamp in the cmdlet would imply. If, in fact, it's decided by the cmdlet writer(s) that the format "yyyy-MM-ddThh:mm:ss.ffffffzzz" is immutable, then -Timestamp isn't useful.

powershellshock commented 5 years ago

-Timestamp allows you to apply a timestamp value of your choosing, not a timestamp format of your choosing. For example, if your script is reading and processing a log file, you may want the entries in the log file to be sent via syslog with the timestamp on the log entry, not the current time of the machine running the script. The -Timestamp parameter allows you to do that (but it does use the RFC compliant format for the timestamp).

There are many syslog senders and receivers out there that do not adhere to the syslog standards in numerous ways and it has led to a nightmare of variances of things like timestamps and message formats (I see this across numerous customers and SIEM vendors in my regular work). It is my opinion that adhering to the standard as much as possible helps minimize this problem, rather than adding to it, so I feel that the current implementation is ideal. Just my $.02.

Of course, it is open source, so you may create your own fork and modify the timestamp format all you like in your fork.

dmoroney commented 5 years ago

Yes, I see that now in Posh-Syslog-4.0.0/public/Send-SyslogMessage.ps1[355]:

$FormattedTimestamp = $Timestamp.ToString('yyyy-MM-ddTHH:mm:ss.ffffffzzz')

If a datetime value is passed to -Timestamp, then all is well:

$ExpectedTimestamp = (New-Object datetime(2019,1,1)).ToString('yyyy-MM-ddTHH:mm:ss.ffffffzzz')

Send-SyslogMessage -Server '127.0.0.1' -Message 'Test Syslog Message' `
    -Severity 'Alert' -Facility 'auth' -Timestamp $ExpectedTimeStamp

If a timestamp format is passed to -Timestamp, like this:

$ExpectedTimestamp = (New-Object datetime(2019,1,1)).ToString('yyyy-MM-ddTHH:mm:ss.fffzzz')

then that format is overridden by the RFC5424 $FormattedTimestamp spec, and the fractional-second precision is zero-padded to 6 places.

kjacobsen commented 5 years ago

Hi,

The TimeStamp parameter determines the value, not the format, of the message. The format of the timestamp in the SYSLOG message, and the precision of the value, is controlled by the RFC; you cannot change it.

This parameter is of type DateTime. If you specify a String value as you are, PowerShell is converting that to a DateTime value for you.
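To illustrate the behaviour described in this thread, here is an added example that is not code from the Posh-SYSLOG project. Format-Rfc5424Timestamp is a stand-in that reproduces the quoted ToString call from Send-SyslogMessage.ps1, and the log line is a constructed sample.

```powershell
# Stand-in for the formatting step quoted from Send-SyslogMessage.ps1 (not the
# project's own function). The parameter is typed [DateTime], as in the cmdlet.
function Format-Rfc5424Timestamp {
    param([Parameter(Mandatory)][DateTime]$Timestamp)
    # Always six fractional digits, regardless of the precision of the input value.
    $Timestamp.ToString('yyyy-MM-ddTHH:mm:ss.ffffffzzz')
}

# 1. A DateTime value carrying millisecond precision.
$ts = [DateTime]::new(2019, 1, 1, 0, 12, 34, 567)
Format-Rfc5424Timestamp -Timestamp $ts

# 2. The same value pre-formatted as a string with 'fff'. Because the parameter
#    is [DateTime], PowerShell parses the string back into a DateTime before the
#    function runs, so the 'fff' formatting is discarded and the output is the
#    same as in case 1.
$asString = $ts.ToString('yyyy-MM-ddTHH:mm:ss.fffzzz')
Format-Rfc5424Timestamp -Timestamp $asString

# 3. What -Timestamp is for: replaying a log entry with the time recorded on the
#    entry rather than the clock of the sending machine (constructed sample line).
$logLine   = '2018-12-31 23:59:58.250 sshd[1234]: Failed password for invalid user'
$entryTime = [DateTime]::ParseExact($logLine.Substring(0, 23), 'yyyy-MM-dd HH:mm:ss.fff', $null)
Format-Rfc5424Timestamp -Timestamp $entryTime
```

Run the three calls side by side: cases 1 and 2 print identical strings, which is the observation that opened this issue.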