[RESOLVED] Benefits of RFC 5424 logs with external log server?
I have my Graylog extractors working perfectly for the old RFC 3164 log format. I used this page to create them.
What are the benefits of switching to RFC 5424 logs if I’m using an external log server? I don't read the logs on the pfSense device itself, so the clog dependency wasn't an issue. So far, the only differences I can see are:
- More accurate timestamps (milliseconds)
- Sends hostname in log
- Structured data separated by equals sign (=) instead of comma-separated values (CSV)
- Longer messages (RFC 3164 was limited to 1024 bytes)
The points you mentioned are the benefits, primarily. Some people need that extra data/different format.
The content the message doesn't change, so nothing on that page is different.
Also those docs you linked are not an official source of documentation and are out of date. Always use https://docs.netgate.com/
@jimp Thanks and thanks!