So its not suppose to have individual "field" in the packet? It is just a single string with the fields in order?
On Tue, 10 Jul 2018 at 22:40 Rainer Gerhards <[email protected]> wrote: > From what I see it's RFC5424 format, so I do not know what the issue is. > > Rainer > > 2018-07-10 14:35 GMT+02:00 Delon Lee Di Lun <[email protected]>: > >> Hi all. >> >> Any help please? >> >> >> On Sat, 30 Jun 2018, 11:24 Delon Lee Di Lun, <[email protected]> >> wrote: >> >>> Hi, >>> >>> Here you go. >>> [image: image.png] >>> >>> >>> On Thu, 28 Jun 2018 at 11:26 David Lang <[email protected]> wrote: >>> >>>> unfortunantly the first of the two images didn't come through for me, >>>> can you >>>> try again? >>>> >>>> David Lang >>>> >>>> On Wed, 27 Jun 2018, Delon Lee Di Lun wrote: >>>> >>>> > Date: Wed, 27 Jun 2018 17:24:37 +0800 >>>> > From: Delon Lee Di Lun <[email protected]> >>>> > To: David Lang <[email protected]> >>>> > Cc: Delon Lee Di Lun via rsyslog <[email protected]>, >>>> > Rainer Gerhards <[email protected]> >>>> > Subject: Re: [rsyslog] IETF template? >>>> > >>>> > Hi, >>>> > >>>> > Is it suppose to be like this? >>>> > [image: image.png] >>>> > >>>> > In the definition, is the entire "SYSLOG-MSG" in the "Message" field >>>> above? >>>> > [image: image.png] >>>> > Yours Sincerely, >>>> > Delon Lee >>>> > >>>> > On Mon, 25 Jun 2018, 10:15 David Lang, <[email protected]> wrote: >>>> > >>>> >> what do you mean "does not change the acutal packagesent"? >>>> >> >>>> >> change it from what? >>>> >> >>>> >> Rsyslog_SyslogProtocol23Format is what RFC-5424 was based on, so they >>>> >> should >>>> >> match (and any differences are unknown bugs) >>>> >> >>>> >> I agree, we should create an alias that makes it much more obvious >>>> that >>>> >> this is >>>> >> the new standard format. >>>> >> >>>> >> David Lang >>>> >> >>>> >> On Sun, 24 Jun 2018, Delon Lee Di Lun via rsyslog wrote: >>>> >> >>>> >>> Date: Sun, 24 Jun 2018 21:34:15 +0800 >>>> >>> From: Delon Lee Di Lun via rsyslog <[email protected]> >>>> >>> To: Rainer Gerhards <[email protected]> >>>> >>> Cc: Delon Lee Di Lun <[email protected]>, >>>> >>> rsyslog-users <[email protected]> >>>> >>> Subject: Re: [rsyslog] IETF template? >>>> >>> >>>> >>> But it does not change the actual packet being sent? >>>> >>> >>>> >>> On Fri, 22 Jun 2018, 21:42 Rainer Gerhards, < >>>> [email protected]> >>>> >>> wrote: >>>> >>> >>>> >>>> 2018-06-22 15:27 GMT+02:00 Delon Lee Di Lun via rsyslog >>>> >>>> <[email protected]>: >>>> >>>>> Hi All, >>>> >>>>> >>>> >>>>> I have set my output template as RSYSLOG_SyslogProtocol23Format >>>> is this >>>> >>>> the >>>> >>>>> RFC 5424? >>>> >>>> >>>> >>>> yes - we used rsyslog when crafting RFC5424, and the template name >>>> is >>>> >>>> historically based on the draft ID. We should probably add an >>>> alias... >>>> >>>> >>>> >>>> Rainer >>>> >>>>> >>>> >>>>> I tcpdump my traffic and it seems like the syslog packet is the >>>> same. >>>> >> is >>>> >>>> it >>>> >>>>> suppose to be? >>>> >>>>> >>>> >>>>> Yours Sincerely, >>>> >>>>> Delon Lee >>>> >>>>> >>>> >>>>> _______________________________________________ >>>> >>>>> rsyslog mailing list >>>> >>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>>> >>>>> http://www.rsyslog.com/professional-services/ >>>> >>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>> >>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>>> >> myriad >>>> >>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if >>>> you >>>> >>>> DON'T LIKE THAT. >>>> >>>> >>>> >>> _______________________________________________ >>>> >>> rsyslog mailing list >>>> >>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>>> >>> http://www.rsyslog.com/professional-services/ >>>> >>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>> >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>>> myriad >>>> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if >>>> you >>>> >> DON'T LIKE THAT. >>>> >>> >>>> >> >>>> > >>>> >>> >
_______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
