I'm trying to use Log4j 2 to construct and send RFC 5424 compliant syslog
messages to a syslog receiver. I've ran into an issue with how the
Rfc5424Layout orders the SD-PARAM key/value pairs. The StructuredDataMessage
constructor accepts a SortedMap that could be using a Comparator to manage the
order of the SD-PARAMs. Unfortunately in the Rfc5424Layout.appendMap() method,
a new TreeMap is constructed with the already sorted map from the
StructuredDataMessage as input. This causes the Map to be sorted by the
'natural' order (alphabetically), which is not the order that I need for the
SD-PARAMs.
According to RFC-5424 Section 8.3, the more important SD-PARAMs should be
earlier in the message to avoid truncation:
Important information should be placed as early in the message as
possible because information at the beginning of the message is less
likely to be discarded by a size-limited transport receiver.
To me, this seems like a bug in the Rfc5424Layout. Also, I don't see the need
for forcing the use of a SortedMap implementation in the StructuredDataMessage
either, wouldn't it be better to let the caller use whatever type of Map they
want and use that when iterating over the entrySet in the appendMap method?
This would allow for the use of a LinkedHashMap that could persist the order
based on when an Entry was inserted into the map, instead of requiring a
Comparator to sort the map.
If I'm misunderstanding something and this is not a bug, I would greatly
appreciate an explanation of how I can define the order of the SD-PARAMs within
an RFC 5424 Syslog message.
Thanks,
Brad Medinger
Senior Software Engineer
Office: 1-800-949-4696
Outside US: +1-402-944-4242
[email protected]<mailto:[email protected]>
LINOMA SOFTWARE | LinomaSoftware.com<http://www.linomasoftware.com/> |
GoAnywhere.com<http://www.goanywhere.com/>
