Bug #144
closed
Syslog messages violate RFC 3164
0%
Description
RFC 3164 ("The BSD Syslog Protocol") dictates that following the Timestamp field will be a space then the "HOSTNAME" which may be either the actual hostname or the device's IP address. Logs from pfSense do not specify any host identifier.
Updated by Chris Buechler about 15 years ago
- Status changed from New to Needs Patch
- Target version deleted (
2.0)
Nearly everything appears to violate RFC 3164. Stock BSDs, m0n0wall, Cisco IOS (by default). The most common syslog servers all add this field into the message automatically. There isn't a readily apparent way to add this to syslog messages sent to a remote host in FreeBSD. Moving to "needs patch" out of lack of interest in fixing, and the fact that it appears to be a standard behavior. If someone who is interested in this functionality can tell us how to make it work, we would be glad to implement.
Updated by Patrick Hieber almost 10 years ago
How can I determine which pfsense in my env is sending the syslog messages if no hostname/ip is specified? This would be highly appreciated, at least by me ;)
Updated by Renato Botelho about 4 years ago
- Status changed from Needs Patch to Closed
All pfsense logs on 2.5.0 contains hostname after timestamp