• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

[RESOLVED] Benefits of RFC 5424 logs with external log server?

Scheduled Pinned Locked Moved General pfSense Questions
6 Posts 2 Posters 706 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • L
    logan5247
    last edited by logan5247 Feb 18, 2021, 5:24 PM Feb 18, 2021, 4:18 PM

    I have my Graylog extractors working perfectly for the old RFC 3164 log format. I used this page to create them.

    What are the benefits of switching to RFC 5424 logs if Iā€™m using an external log server? I don't read the logs on the pfSense device itself, so the clog dependency wasn't an issue. So far, the only differences I can see are:

    • More accurate timestamps (milliseconds)
    • Sends hostname in log
    • Structured data separated by equals sign (=) instead of comma-separated values (CSV)
    • Longer messages (RFC 3164 was limited to 1024 bytes)
    1 Reply Last reply Reply Quote 0
    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Feb 18, 2021, 4:42 PM

      The points you mentioned are the benefits, primarily. Some people need that extra data/different format.

      Remember: Upvote with the šŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      L 1 Reply Last reply Feb 18, 2021, 4:44 PM Reply Quote 0
      • L
        logan5247 @jimp
        last edited by Feb 18, 2021, 4:44 PM

        @jimp Thanks!

        One more thing. If I switch to RFC 5424, is there a page similar to this that explains the different values?

        1 Reply Last reply Reply Quote 0
        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Feb 18, 2021, 4:51 PM

          The content the message doesn't change, so nothing on that page is different.

          Remember: Upvote with the šŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • J
            jimp Rebel Alliance Developer Netgate
            last edited by Feb 18, 2021, 4:52 PM

            Also those docs you linked are not an official source of documentation and are out of date. Always use https://docs.netgate.com/

            Remember: Upvote with the šŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            L 1 Reply Last reply Feb 18, 2021, 5:24 PM Reply Quote 1
            • L
              logan5247 @jimp
              last edited by Feb 18, 2021, 5:24 PM

              @jimp Thanks and thanks!

              1 Reply Last reply Reply Quote 0
              6 out of 6
              • First post
                6/6
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                This community forum collects and processes your personal information.
                consent.not_received