Bug #8077
closed
Filterlog format does not match documentation or RFC spec
0%
Description
The documentation of the filterlog format indicates that the format of syslog messages will be:
<Timestamp> <Hostname> filterlog: <CSV data>
Actual messages received look like this:
<134>Nov 9 21:55:09 filterlog: 218,,,1433092534,pppoe2,match,block,in,4,0x0,,57,34698,0,none,6,tcp,40,141.1.1.1,8.8.8.8,25911,23,0,S,1380209254,,39383,,
Ideally from a log collection perspective, the message format should be updated to follow the documentation and include the hostname. Alternatively, the documentation could be updated to accurately reflect the format of messages as they are at present.
Updated by Jim Pingle over 6 years ago
- Status changed from New to Not a Bug
That is the format of the log in /var/log/filter.log
If it looks different coming across syslogd, that's a different matter entirely. FreeBSD's syslogd doesn't send the hostname in messages.
Updated by Jim Pingle over 6 years ago
And that fact is already noted on the page. Immediately under the line you quoted.
Updated by Joash Lewis over 6 years ago
You are of course right, and I am feeling silly. Can't see the wood for the trees.
There is a proper bug report against FreeBSD here for anyone in future about to make the same mistake as me.