centos-6.5 修改系统日志时间戳格式

centos-6.5 修改系统日志时间戳格式：
原来格式：
$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg%"

# vim /var/log/cron
Dec 22 19:40:01 server112 CROND[4545]: (root) CMD (/usr/lib64/sa/sa1 1 1)

# vim /var/log/messages
Dec 22 20:32:42 server100 kernel: Kernel logging (proc) stopped.
Dec 22 20:32:42 server100 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="1524" x-info="http://www.rsyslog.com"] exiting on signal 15.
Dec 22 20:32:42 server100 kernel: imklog 5.8.10, log source = /proc/kmsg started.
Dec 22 20:32:42 server100 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="28207" x-info="http://www.rsyslog.com"] start

新的格式：
# vim /etc/rsyslog.conf
$template CustomFormat,"%$NOW% %TIMESTAMP:8:15% %HOSTNAME% %syslogtag%%msg%\n"
$ActionFiledefaultTemplate CustomFormat

# /etc/init.d/rsyslog restart

# vim /var/log/messages
2013-12-22 20:55:19 server112 kernel:Kernel logging (proc) stopped.0
2013-12-22 20:55:19 server112 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="5557" x-info="http://www.rsyslog.com"] exiting on signal 15.0
2013-12-22 20:55:19 server112 kernel:imklog 5.8.10, log source = /proc/kmsg started.
2013-12-22 20:55:19 server112 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="5572" x-info="http://www.rsyslog.com"] start

注意：
更改后，/var/log/messages里的kernel:与imklog之间少了个空格，语法也不高亮了。更改前是有的。估计是rsyslog的bug。