[Bug 220246] syslogd does not send RFC3164-conformant messages
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 23 Jan 2024 10:29:16 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220246
Michal Scigocki <michal.os@hotmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |michal.os@hotmail.com
--- Comment #6 from Michal Scigocki <michal.os@hotmail.com> ---
Created attachment 247881
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=247881&action=edit
patch with added rfc3164-strict format, against 15-CURRENT
Hi,
I had a look at RFC3164 and found a couple of interesting items:
- Section 4.2 of RFC3164 states there are no set requirements for the contents
of the syslog packet. So the existing format is technically valid.
- The format described in RFC3164 (i.e. "<PRI>TIMESTAMP HOSTNAME MSG") is only
RECOMMENDED to be used. It's not enforced.
- The "Forwarded from HOSTNAME:" field is not mentioned anywhere in RFC3164. I
found it originally came about in FreeBSD PR 7055, back in 1998.
- Section 4.3.1 of RFC3164 states syslog relay servers that forward messages
MUST do so without making any changes to the packet.
Given this, I think the existing bsd/rfc3164 format should be kept as-is for
backward compatibility, but a new optional format should be added that strictly
conforms to the recommended format defined in RFC3164.
I have attached a new patch based on Bryan Drewery's patch. It adds the third
optional format to the -O flag, "strict" or "rfc3164-strict", which adds the
hostname and excludes "Forwarded from" field in the network syslog message, and
also updates the man page.
--
You are receiving this mail because:
You are the assignee for the bug.