[Bug 220246] syslogd does not send RFC3164-conformant messages [PATCH]

Sat Jun 24 08:50:02 UTC 2017

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220246

            Bug ID: 220246
           Summary: syslogd does not send RFC3164-conformant messages
                    [PATCH]
           Product: Base System
           Version: 10.3-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: mikeg at bsd-box.net
          Keywords: patch

Created attachment 183758
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=183758&action=edit
Resolving patch

When sending messages to a remote host syslogd omits the hostname field
required by RFC 3164. This affects anyone sending logs from a FreeBSD host to a
central logging server that expects RFC 3164-conformant messages (Logstash,
fluentd) - it breaks the remote server's ability to parse the FreeBSD system's
log messages.

This issue is present on 10.3-RELEASE and 11.0-RELEASE.

The attached patch corrects the behavior of syslogd when sending messages.
Following the logic laid out in the existing code I preserved the previous
hostname for forwarded messages, but made the resulting message conform with
the RFC. 

This fix has been verified against Logstash & fluentd. I have not deliberately
thrown any pathological input at it so there should be some scrutiny.

NOTE: Related standards bug 200933 deals with receiving RFC 3164-conformant
messages. There is a patch there which should be reviewed and either applied or
adapted as appropriate.

-- 
You are receiving this mail because:
You are the assignee for the bug.