Syslog messages violate RFC 3164
RFC 3164 ("The BSD Syslog Protocol") dictates that following the Timestamp field will be a space then the "HOSTNAME" which may be either the actual hostname or the device's IP address. Logs from pfSense do not specify any host identifier.
#1 Updated by Chris Buechler over 10 years ago
- Status changed from New to Needs Patch
- Target version deleted (
Nearly everything appears to violate RFC 3164. Stock BSDs, m0n0wall, Cisco IOS (by default). The most common syslog servers all add this field into the message automatically. There isn't a readily apparent way to add this to syslog messages sent to a remote host in FreeBSD. Moving to "needs patch" out of lack of interest in fixing, and the fact that it appears to be a standard behavior. If someone who is interested in this functionality can tell us how to make it work, we would be glad to implement.