Crossposting here, as relp@ seems to be inactive
-------- Forwarded Message --------
Subject: Syslog format used in RELP
Date: Sun, 30 Sep 2018 18:32:15 +0200
From: Val Lorentz <prog...@progval.net>
To: r...@lists.adiscon.com

Hi,

The RELP spec <https://www.rsyslog.com/doc/relp.html> states that:

> This command is used to transmit a syslog message, which (in syslog message format) is contained within the commands data portion.

I am wondering which message format this refers to.

On my computer (Debian 9, with librelp0 1.2.12-1+deb9u1 and rsyslog 8.24.0-1), the messages emitted by rsyslog seem to be neither RFC3164-valid nor RFC5424-valid. An example message is:

<86>2018-09-30T17:39:02.035964+02:00 particle CRON[28303]: pam_unix(cron:session): session closed for user root

My understanding is that it is invalid for RFC3164, because of:

> The TIMESTAMP field is the local time and is in the format of "Mmm dd
> hh:mm:ss" (without the quote marks)

and for RFC5424 because examples in that RFC look like this:

> <34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47
> - BOM'su root' failed for lonvick on /dev/pts/8

(note the 1 after the closing angle bracket).

Any insight?

Thanks!
Val
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
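The two checks described in the message above (RFC 3164's "Mmm dd hh:mm:ss" timestamp, and RFC 5424's version digit after the PRI), written out as an added example; it is not part of the original post and not rsyslog or librelp code. The `classify` helper and its format labels are hypothetical, and it inspects only the start of the header rather than validating the full grammar of either RFC.

```python
import re

# Constructed sample input: the first two lines are the examples quoted in the
# message above; the third is a constructed line in the RFC 3164 timestamp style.
SAMPLES = [
    "<86>2018-09-30T17:39:02.035964+02:00 particle CRON[28303]: "
    "pam_unix(cron:session): session closed for user root",
    "<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 "
    "- BOM'su root' failed for lonvick on /dev/pts/8",
    "<13>Sep 30 17:39:02 particle CRON[28303]: constructed test line",
]

PRI = re.compile(r"<(\d{1,3})>")
ISO = r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,6})?(?:Z|[+-]\d{2}:\d{2})"
# RFC 5424: VERSION (1-3 digits, no leading zero), SP, then TIMESTAMP or "-".
VER_5424 = re.compile(r"[1-9]\d{0,2} (?:-|" + ISO + r") ")
# RFC 3164: "Mmm dd hh:mm:ss", day of month space-padded below 10.
TS_3164 = re.compile(
    r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) "
    r"(?: [1-9]|[12]\d|3[01]) \d{2}:\d{2}:\d{2} "
)
ISO_ONLY = re.compile(ISO + r" ")


def classify(line):
    """Hypothetical helper: decode PRI and label what follows it."""
    m = PRI.match(line)
    if not m or int(m.group(1)) > 191:  # highest PRI is 23 * 8 + 7
        return None
    pri, pos = int(m.group(1)), m.end()
    if VER_5424.match(line, pos):
        fmt = "rfc5424-style"
    elif TS_3164.match(line, pos):
        fmt = "rfc3164-style"
    elif ISO_ONLY.match(line, pos):
        fmt = "iso-timestamp-without-version"
    else:
        fmt = "unrecognized"
    # PRI = facility * 8 + severity in both RFCs.
    return {"facility": pri // 8, "severity": pri % 8, "format": fmt}


if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s), "|", s[:40])
```

A receiver that dispatches on these labels can route the third category to a dedicated parser instead of silently mis-parsing the timestamp as a hostname or tag.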