Bug #144

closed

Syslog messages violate RFC 3164

Added by Chris Buechler over 14 years ago. Updated over 3 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 11/08/2009
% Done: 0%
Affected Version: All
Description

RFC 3164 ("The BSD Syslog Protocol") dictates that following the Timestamp field will be a space then the "HOSTNAME" which may be either the actual hostname or the device's IP address. Logs from pfSense do not specify any host identifier.

Actions #1

Updated by Chris Buechler over 14 years ago

  • Status changed from New to Needs Patch
  • Target version deleted (2.0)

Nearly everything appears to violate RFC 3164. Stock BSDs, m0n0wall, Cisco IOS (by default). The most common syslog servers all add this field into the message automatically. There isn't a readily apparent way to add this to syslog messages sent to a remote host in FreeBSD. Moving to "needs patch" out of lack of interest in fixing, and the fact that it appears to be a standard behavior. If someone who is interested in this functionality can tell us how to make it work, we would be glad to implement.

Actions #2

Updated by Patrick Hieber about 9 years ago

How can I determine which pfSense in my env is sending the syslog messages if no hostname/IP is specified? This would be highly appreciated, at least by me ;)

Actions #3

Updated by Renato Botelho over 3 years ago

  • Status changed from Needs Patch to Closed

All pfSense logs on 2.5.0 contain the hostname after the timestamp.
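An added example, not part of the original thread and not pfSense or syslogd code: a collector-side check for the RFC 3164 HOSTNAME field that, when the field is missing, inserts the datagram's source address, which is the behavior comment #1 attributes to common syslog servers. The function names, the TAG heuristic, and the sample messages and addresses are assumptions constructed for illustration.

```python
import re

# RFC 3164 header: <PRI>, then "Mmm dd hh:mm:ss" (day is space-padded),
# then a space, then HOSTNAME, then the TAG and CONTENT.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
    r" [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<rest>.*)$",
    re.DOTALL,
)


def looks_like_tag(token):
    """Heuristic (assumption): a TAG such as 'pf:' or 'sshd[212]:' ends
    with ':' or carries a '[pid]', while a hostname or IPv4 address does not."""
    return token.endswith(":") or "[" in token


def normalize(datagram, source_ip):
    """Return (host, message) for one received syslog datagram.

    If the token after the timestamp looks like a hostname, it is used
    as-is. If it looks like a TAG, the sender omitted HOSTNAME and the
    source address of the datagram is inserted in its place.
    """
    text = datagram.decode("utf-8", errors="replace")
    m = HEADER.match(text)
    if m is None:
        # No valid PRI/TIMESTAMP: attribute by source address, leave text alone.
        return source_ip, text
    first = m.group("rest").partition(" ")[0]
    if first and not looks_like_tag(first):
        return first, text
    fixed = "<%s>%s %s %s" % (
        m.group("pri"), m.group("ts"), source_ip, m.group("rest"))
    return source_ip, fixed


if __name__ == "__main__":
    # Constructed sample datagrams; 192.0.2.10 is a documentation address.
    samples = [
        b"<134>Nov  8 12:00:00 pf: block in on em0",
        b"<134>Nov  8 12:00:00 fw1.example.net filterlog: block in on em0",
    ]
    for raw in samples:
        print(normalize(raw, "192.0.2.10"))
```

The HOSTNAME inside a datagram is whatever the sender wrote, so a collector that attributes events to devices should store the source address alongside it.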
