[Bug 220246] syslogd does not send RFC3164-conformant messages
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 23 Jan 2024 10:29:16 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220246 Michal Scigocki <michal.os@hotmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |michal.os@hotmail.com --- Comment #6 from Michal Scigocki <michal.os@hotmail.com> --- Created attachment 247881 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=247881&action=edit patch with added rfc3164-strict format, against 15-CURRENT Hi, I had a look at RFC3164 and found a couple of interesting items: - Section 4.2 of RFC3164 states there are no set requirements for the contents of the syslog packet. So the existing format is technically valid. - The format described in RFC3164 (i.e. "<PRI>TIMESTAMP HOSTNAME MSG") is only RECOMMENDED to be used. It's not enforced. - The "Forwarded from HOSTNAME:" field is not mentioned anywhere in RFC3164. I found it originally came about in FreeBSD PR 7055, back in 1998. - Section 4.3.1 of RFC3164 states syslog relay servers that forward messages MUST do so without making any changes to the packet. Given this, I think the existing bsd/rfc3164 format should be kept as-is for backward compatibility, but a new optional format should be added that strictly conforms to the recommended format defined in RFC3164. I have attached a new patch based on Bryan Drewery's patch. It adds the third optional format to the -O flag, "strict" or "rfc3164-strict", which adds the hostname and excludes "Forwarded from" field in the network syslog message, and also updates the man page. -- You are receiving this mail because: You are the assignee for the bug.