[Bug 200933] syslog is not RFC-compliant when receiving remote UDP messages

Wed Jun 17 13:31:40 UTC 2015

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200933

            Bug ID: 200933
           Summary: syslog is not RFC-compliant when receiving remote UDP
                    messages
           Product: Base System
           Version: 10.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: standards
          Assignee: freebsd-standards at FreeBSD.org
          Reporter: thresh at nginx.com

syslog daemon expects the following format when receiving remote UDP messages:

date tag: message

from man syslog.conf:

     If a received message matches the specified facility and is of the speci-
     fied level (or a higher level), and the first word in the message after
     the date matches the program, the action specified in the action field
     will be taken.

however RFC 3164 (and later ones) specify the following format:

date hostname tag: message

this means syslog can not properly filter messages based on tags, which breaks
rfc-compliant software like nginx.

an excerpt of what is being sent by nginx, with tag "nginxorg" from the
hostname of "www.nginx.org":

13:28:23.422156 IP xx.yy.zz.nn.11312 > 192.168.1.1.514: SYSLOG local7.info,
length: 220
E....... at ..<...?..+!,0......<190>Jun 17 13:28:23 www.nginx.org nginxorg:
12.34.56.78 - - [17/Jun/2015:13:28:23 +0000] "GET / HTTP/1.1" 404 4075 "-"
"Debian APT-HTTP/1.3 (0.9.7.7ubuntu4)" "10.10.20.121"

-- 
You are receiving this mail because:
You are the assignee for the bug.