SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.


Logging: Syslog Support of RFC 5424

Basically exactly as the title says. The logging to external syslog as it is now does not follow either RFC 3164 or RFC 5424.

Since RFC 3164 was replaced by RFC 5424, it would be nice to have the option to select the format of syslog messages that are sent to an external syslog server so that they follow this RFC standard. Right now, if the external syslog is following the RFC standard and receives a syslog message from ASG which is NOT RFC compliant, the message is malformed and not stored correctly, which naturally causes a lot of problems.

10 votes

    mad_bird_cz shared this idea

    4 comments

      • Wan Hafizi commented

        Having the same problem.

        Some data is not parsed properly because of syslog format errors/inconsistencies. Some data is erroneous or nonexistent.

        For example, most of the time I see this in the log:

        "trans_src_ip=trans_src_port=0"

        Not only is the "trans_src_ip" value not there, the "trans_src_port" value is invalid.

        Thanks

      • Bela Szekeres commented

        I would also prefer an RFC compliant timestamp. Installing another logserver just for timestamp conversion is a nightmare in a PCI environment...

      • Scott Chapman commented

        I know it's a hassle, but you could always shoot the logs to an internal centralized syslog server and then from there out to Loggly. But I agree, native support for the RFC 5424 standard would be nice.
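
An added example, not part of the original thread and not vendor code: a receiver-side check for the problem described in the idea and in the first comment, classifying a line as RFC 5424, RFC 3164 or neither and flagging key=value fields such as `trans_src_ip=trans_src_port=0`. The regexes approximate the RFC header grammars, and the sample lines, host name and program name are constructed.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
# (\S stands in for the RFC's printable-ASCII field rules; an approximation)
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>[1-9]\d{0,2} "
    r"(?:-|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,6})?(?:Z|[+-]\d{2}:\d{2})) "
    r"\S{1,255} \S{1,48} \S{1,128} \S{1,32} "
    r"(?:-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: .*)?$", re.S)

# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG (day of month is space-padded)
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) "
    r"(?: [1-9]|[12]\d|3[01]) \d{2}:\d{2}:\d{2} \S+ .*$", re.S)

# key=value pairs; a value is either a quoted string or a run of non-blanks
KV = re.compile(r'(\w+)=("[^"]*"|\S*)')

def classify(line):
    """Return 'rfc5424', 'rfc3164' or 'nonconforming' for one syslog line."""
    for name, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.match(line)
        # PRI = facility * 8 + severity, so the largest valid value is 23*8+7
        if m and int(m.group("pri")) <= 191:
            return name
    return "nonconforming"

def suspicious_fields(line):
    """Heuristic: keys whose value is empty or has swallowed the next key=value."""
    return [k for k, v in KV.findall(line)
            if v in ("", '""') or re.fullmatch(r"\w+=.*", v)]

# Constructed sample lines (not captured from any device).
SAMPLES = {
    "5424": '<30>1 2024-01-15T10:22:01.003Z gw fwlog 4321 - - action="drop" srcip="192.0.2.10"',
    "3164": '<30>Jan 15 10:22:01 gw fwlog[4321]: action="drop" srcip="192.0.2.10"',
    "bad":  '<30>2024:01:15-10:22:01 gw fwlog[4321]: action="drop" trans_src_ip=trans_src_port=0',
}

if __name__ == "__main__":
    for label, line in SAMPLES.items():
        print(label, classify(line), suspicious_fields(line))
```

Lines that come back `nonconforming` are the ones a strict RFC receiver would mis-store; routing them to a separate file keeps them reviewable.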
