Logging: Syslog Support of RFC 5424
Basically exactly as the title says. The logging to external syslog as it is now does not follow either RFC 3164 or RFC 5424.
Since the RFC 3164 was replaced by RFC 5424 it would be nice to have the option to select the format of syslog messages that are sent to external syslog server to follow this RFC standard. Right now if the external syslog is following the RFC standard and receives a syslog message from ASG which is NOT RFC compliant the message is malformed and not stored correctly which naturally causes a lot of problems.
Wan Hafizi commented
Having the same problem.
Some data not parsed properly because of syslog format error/inconsistencies. Some data are erronous or non existance.
For example most of the time i see this in the log;
Not only the "trans_src_ip" value is not there, the "trans_src_port" value is invalid
Bela Szekeres commented
I would also prefer an RFC compliant timestamp. Installing another logserver just for timestamp conversion is a nightmare in a PCI environment...
Scott Chapman commented
I know it's a hassle but you could always shoot the logs to a internal centrallized syslog server and then from there out to loggly. But I agree, native support for the RFC 5424 standard would be nice.
Marcos Machado commented
I was trying to use services like Loggly but they need to receive a RFC5424 header.