Bug #144
closed
Syslog messages violate RFC 3164
Added by Chris Buechler about 15 years ago.
Updated about 4 years ago.
Description
RFC 3164 ("The BSD Syslog Protocol") dictates that following the Timestamp field will be a space then the "HOSTNAME" which may be either the actual hostname or the device's IP address. Logs from pfSense do not specify any host identifier.
- Status changed from New to Needs Patch
- Target version deleted (2.0)
Nearly everything appears to violate RFC 3164. Stock BSDs, m0n0wall, Cisco IOS (by default). The most common syslog servers all add this field into the message automatically. There isn't a readily apparent way to add this to syslog messages sent to a remote host in FreeBSD. Moving to "needs patch" out of lack of interest in fixing, and the fact that it appears to be a standard behavior. If someone who is interested in this functionality can tell us how to make it work, we would be glad to implement.
How can I determine which pfsense in my env is sending the syslog messages if no hostname/ip is specified? This would be highly appreciated, at least by me ;)
- Status changed from Needs Patch to Closed
All pfsense logs on 2.5.0 contain the hostname after the timestamp.
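For senders that omit HOSTNAME as this issue describes, a collector can attribute each message to the datagram's source address, which is how the syslog servers mentioned above fill the field in. The sketch below is an added example, not code from pfSense or from this ticket; the function name `normalize`, the record keys, the tag-detection heuristic and the sample datagrams are all assumptions made for illustration.

```python
import re

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: content
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
    r" [ \d]\d \d{2}:\d{2}:\d{2}) (?P<rest>.*)$",
    re.DOTALL,
)
# Heuristic (assumption): a first token like "sshd[812]:" or "pf:" is a TAG,
# which means the sender skipped HOSTNAME. The colon must end the token so an
# IPv6 address in the HOSTNAME position is not mistaken for a tag.
TAG_FIRST = re.compile(r"^[^\s:\[\]]{1,32}(?:\[\d+\])?:(?:\s|$)")


def normalize(datagram: bytes, source_ip: str) -> dict:
    """Parse one syslog datagram; fall back to source_ip when HOSTNAME is absent."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    rec = {"source_ip": source_ip, "host": source_ip, "host_from_packet": True,
           "facility": None, "severity": None, "timestamp": None, "msg": text}
    m = HEADER.match(text)
    if not m or int(m["pri"]) > 191:
        return rec  # no usable header: keep raw text, attribute to the sender
    pri = int(m["pri"])
    rec.update(facility=pri >> 3, severity=pri & 7, timestamp=m["ts"])
    rest = m["rest"]
    first, sep, remainder = rest.partition(" ")
    if sep and not TAG_FIRST.match(rest):
        # HOSTNAME present. It is sender-supplied, so source_ip stays in the record.
        rec.update(host=first, host_from_packet=False, msg=remainder)
    else:
        rec["msg"] = rest
    return rec


if __name__ == "__main__":
    # Constructed sample datagrams (not captured from a real device).
    samples = [
        b"<134>Feb  3 14:02:11 filterlog[1234]: sample entry",
        b"<134>Feb  3 14:02:11 fw1.example.net filterlog[1234]: sample entry",
    ]
    for raw in samples:
        print(normalize(raw, "192.0.2.10"))
```

Keeping `source_ip` alongside the in-message hostname lets a reviewer spot a device whose claimed HOSTNAME does not match the address it sent from.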