[RESOLVED] Benefits of RFC 5424 logs with external log server?
-
I have my Graylog extractors working perfectly for the old RFC 3164 log format. I used this page to create them.
What are the benefits of switching to RFC 5424 logs if I'm using an external log server? I don't read the logs on the pfSense device itself, so the clog dependency wasn't an issue. So far, the only differences I can see are:
- More accurate timestamps (milliseconds)
- Sends hostname in log
- Structured data separated by equals sign (=) instead of comma-separated values (CSV)
- Longer messages (RFC 3164 was limited to 1024 bytes)
-
The points you mentioned are the benefits, primarily. Some people need that extra data/different format.
-
-
The content of the message doesn't change, so nothing on that page is different.
-
Also those docs you linked are not an official source of documentation and are out of date. Always use https://docs.netgate.com/
-
@jimp Thanks and thanks!
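
For anyone running a collector that has to accept both formats during a switchover, here is an added example (not part of the thread and not pfSense or Graylog code) that normalizes an RFC 3164 line and an RFC 5424 line into the same fields. The two sample lines, the hostname `fw1.example.test`, the payload and the `assumed_year` parameter are constructed for illustration; the 3164 sample omits the hostname, as the list of differences above implies.

```python
import re
from datetime import datetime

# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+) ?(?P<msg>.*)$", re.S)
# RFC 3164: <PRI>Mmm dd hh:mm:ss [HOSTNAME] TAG[PID]: MSG (hostname treated as optional)
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?:(?P<host>[^\s:\[]+) )?(?P<app>[^\s:\[]+)(?:\[(?P<procid>\d+)\])?: "
    r"(?P<msg>.*)$", re.S)

def parse_syslog(line, assumed_year):
    """Return a dict of normalized fields for either syslog format."""
    m = RFC5424.match(line)
    if m:
        f = m.groupdict()
        f["format"] = "rfc5424"
        # Full ISO 8601 timestamp: year, fractional seconds and UTC offset on the wire.
        f["time"] = datetime.fromisoformat(f.pop("ts").replace("Z", "+00:00"))
    else:
        m = RFC3164.match(line)
        if not m:
            raise ValueError("unrecognized syslog line")
        f = m.groupdict()
        f["format"] = "rfc3164"
        # No year, zone or sub-second part is sent; the receiver has to assume them.
        stamp = " ".join(f.pop("ts").split())
        f["time"] = datetime.strptime(f"{assumed_year} {stamp}", "%Y %b %d %H:%M:%S")
    f["facility"], f["severity"] = divmod(int(f.pop("pri")), 8)
    if f["host"] == "-":          # RFC 5424 NILVALUE
        f["host"] = None
    return f

# Constructed sample data: the same payload wrapped in each header style.
PAYLOAD = "5,,,1000000103,em0,match,block,in"
OLD = "<134>Jan  5 14:03:27 filterlog[12345]: " + PAYLOAD
NEW = "<134>1 2024-01-05T14:03:27.123-05:00 fw1.example.test filterlog 12345 - - " + PAYLOAD

if __name__ == "__main__":
    for raw in (OLD, NEW):
        rec = parse_syslog(raw, assumed_year=2024)
        print(rec["format"], rec["time"].isoformat(), rec["host"], rec["msg"])
```

Only the header fields differ between the two records; the `msg` field is identical, so payload extractors written against the old format keep matching.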