[Bug 200933] syslog is not RFC-compliant when receiving remote UDP messages
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Jun 17 13:31:40 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200933
Bug ID: 200933
Summary: syslog is not RFC-compliant when receiving remote UDP
messages
Product: Base System
Version: 10.1-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: standards
Assignee: freebsd-standards at FreeBSD.org
Reporter: thresh at nginx.com
syslog daemon expects the following format when receiving remote UDP messages:
date tag: message
from man syslog.conf:
If a received message matches the specified facility and is of the speci-
fied level (or a higher level), and the first word in the message after
the date matches the program, the action specified in the action field
will be taken.
however RFC 3164 (and later ones) specify the following format:
date hostname tag: message
this means syslog can not properly filter messages based on tags, which breaks
rfc-compliant software like nginx.
an excerpt of what is being sent by nginx, with tag "nginxorg" from the
hostname of "www.nginx.org":
13:28:23.422156 IP xx.yy.zz.nn.11312 > 192.168.1.1.514: SYSLOG local7.info,
length: 220
E....... at ..<...?..+!,0......<190>Jun 17 13:28:23 www.nginx.org nginxorg:
12.34.56.78 - - [17/Jun/2015:13:28:23 +0000] "GET / HTTP/1.1" 404 4075 "-"
"Debian APT-HTTP/1.3 (0.9.7.7ubuntu4)" "10.10.20.121"
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-standards
mailing list