Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    [RESOLVED] Benefits of RFC 5424 logs with external log server?

    General pfSense Questions
    2
    6
    43
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      logan5247 last edited by logan5247

      I have my Graylog extractors working perfectly for the old RFC 3164 log format. I used this page to create them.

      What are the benefits of switching to RFC 5424 logs if I’m using an external log server? I don't read the logs on the pfSense device itself, so the clog dependency wasn't an issue. So far, the only differences I can see are:

      • More accurate timestamps (milliseconds)
      • Sends hostname in log
      • Structured data separated by equals sign (=) instead of comma-separated values (CSV)
      • Longer messages (RFC 3164 was limited to 1024 bytes)
      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        The points you mentioned are the benefits, primarily. Some people need that extra data/different format.

        L 1 Reply Last reply Reply Quote 0
        • L
          logan5247 @jimp last edited by

          @jimp Thanks!

          One more thing. If I switch to RFC 5424, is there a page similar to this that explains the different values?

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            The content the message doesn't change, so nothing on that page is different.

            1 Reply Last reply Reply Quote 0
            • jimp
              jimp Rebel Alliance Developer Netgate last edited by

              Also those docs you linked are not an official source of documentation and are out of date. Always use https://docs.netgate.com/

              L 1 Reply Last reply Reply Quote 1
              • L
                logan5247 @jimp last edited by

                @jimp Thanks and thanks!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense Plus
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy