Bug #144

Syslog messages violate RFC 3164

Added by Chris Buechler almost 11 years ago. Updated over 5 years ago.

Status: Needs Patch
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 11/08/2009
Due date:
% Done: 0%
Estimated time:
Affected Version: All
Affected Architecture:

Description

RFC 3164 ("The BSD Syslog Protocol") dictates that following the Timestamp field will be a space then the "HOSTNAME" which may be either the actual hostname or the device's IP address. Logs from pfSense do not specify any host identifier.

History

#1 Updated by Chris Buechler over 10 years ago

  • Status changed from New to Needs Patch
  • Target version deleted (2.0)

Nearly everything appears to violate RFC 3164. Stock BSDs, m0n0wall, Cisco IOS (by default). The most common syslog servers all add this field into the message automatically. There isn't a readily apparent way to add this to syslog messages sent to a remote host in FreeBSD. Moving to "needs patch" out of lack of interest in fixing, and the fact that it appears to be a standard behavior. If someone who is interested in this functionality can tell us how to make it work, we would be glad to implement.

#2 Updated by Patrick Hieber over 5 years ago

How can I determine which pfSense in my env is sending the syslog messages if no hostname/IP is specified? This would be highly appreciated, at least by me ;)
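
Added example, not part of the original ticket or pfSense code: a collector-side normalizer in Python that checks whether an RFC 3164 datagram carries the HOSTNAME field after the timestamp and, when it does not, attributes the message to the UDP peer address, the behaviour comment #1 attributes to common syslog servers. The function names, the TAG-versus-HOSTNAME heuristic and the sample datagrams are assumptions constructed for illustration.

```python
import ipaddress
import re

# <PRI>Mmm dd hh:mm:ss rest  (RFC 3164 header: PRI, then TIMESTAMP, then a space)
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<rest>.*)$",
    re.DOTALL,
)

def looks_like_tag(token: str) -> bool:
    """Heuristic (assumption): a TAG ends in ':' or carries '[pid]'; a HOSTNAME does not."""
    try:
        ipaddress.ip_address(token)  # an IPv4/IPv6 literal is a valid HOSTNAME
        return False
    except ValueError:
        return token.endswith(":") or "[" in token

def normalize(datagram: bytes, peer_ip: str) -> dict:
    """Parse one syslog datagram; fill HOSTNAME from the UDP peer when it is absent."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = HEADER.match(text)
    if not m:  # no valid PRI/TIMESTAMP: keep the raw text, attribute to the peer
        return {"host": peer_ip, "host_source": "peer", "pri": None, "msg": text}
    pri = int(m["pri"])
    first, _, remainder = m["rest"].partition(" ")
    if looks_like_tag(first) or not remainder:
        host, source, msg = peer_ip, "peer", m["rest"]
    else:
        host, source, msg = first, "message", remainder
    return {"host": host, "host_source": source, "pri": pri,
            "facility": pri >> 3, "severity": pri & 7, "ts": m["ts"], "msg": msg}

# Constructed sample datagrams (documentation addresses, not real hosts).
SAMPLES = [
    (b"<134>Nov  8 12:00:01 fw1 filterlog: block in on em0", "192.0.2.10"),
    (b"<134>Nov  8 12:00:02 filterlog: block in on em0", "192.0.2.11"),
    (b"<38>Nov  8 12:00:03 sshd[812]: Accepted publickey for admin", "192.0.2.11"),
    (b"<13>Nov  8 12:00:04 2001:db8::1 logger: test", "192.0.2.12"),
]

if __name__ == "__main__":
    for raw, peer in SAMPLES:
        rec = normalize(raw, peer)
        print(f'{rec["host"]:<12} ({rec["host_source"]}) {rec["msg"]}')
```

The `host_source` field records whether the host identifier was self-reported in the message or taken from the transport address, so downstream rules can treat the two differently.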
