
Comparing Syslog Formats – BSD RFC3164 vs IETF RFC5424

This article compares the two Syslog formats, BSD RFC 3164 and IETF RFC 5424, by showing one log entry in each format. If you can’t decide between them, consider “IETF RFC 5424”. The event is the same for both entries: logging into a Synology server’s web portal. The user “agix” is logging in from host “10.1.1.100”, and the login attempt was successful.

SYSLOG IETF RFC 5424

{
  "message": "User [agix] from [10.1.1.100] signed in to [DSM] successfully via [password].",
  "severity": 6,
  "facility": 1,
  "host": "agix-synology",
  "appname": "Connection",
  "procid": "-",
  "structuredData": "[synolog@6574 event_id=\"0x0014\" synotype=\"Connection\" username=\"agix\" luser=\"agix\" event=\"User [agix\\] from [10.1.1.100\\] signed in to [DSM\\] successfully via [password\\].\" arg_1=\"agix\" arg_2=\"1026\" arg_3=\"10.1.1.100\" arg_4=\"DSM\" arg_5=\"HASH_REMOVED\" arg_6=\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0\" arg_7=\"NO\" arg_8=\"password\"][meta sequenceId=\"1\"]",
  "severityName": "info",
  "facilityName": "user",
  "_time": 1724282178,
  "_raw": "<14>1 2024-08-22T08:46:18+09:30 agix-synology Connection - - [synolog@6574 event_id=\"0x0014\" synotype=\"Connection\" username=\"agix\" luser=\"agix\" event=\"User [agix\\] from [10.1.1.100\\] signed in to [DSM\\] successfully via [password\\].\" arg_1=\"agix\" arg_2=\"1026\" arg_3=\"10.1.1.100\" arg_4=\"DSM\" arg_5=\"HASH_REMOVED\" arg_6=\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0\" arg_7=\"NO\" arg_8=\"password\"][meta sequenceId=\"1\"] User [agix] from [10.1.1.100] signed in to [DSM] successfully via [password]."
}

SYSLOG BSD RFC 3164

{
  "message": "User [agix] from [10.1.1.100] signed in to [DSM] successfully via [password].",
  "severity": 6,
  "facility": 1,
  "host": "agix-synology",
  "appname": "Connection",
  "severityName": "info",
  "facilityName": "user",
  "_time": 1724316319,
  "_raw": "<14>Aug 22 08:45:19 agix-synology Connection: User [agix] from [10.1.1.100] signed in to [DSM] successfully via [password]."
}
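The two `_raw` lines above can be parsed side by side to see what each format actually carries; this Python code is an added example, not part of the original article, and it uses the article's lines with the structured data shortened. The function names and the `assume_year` / `assume_tz` parameters are hypothetical: the BSD header has no year or UTC offset, so the receiver has to supply both, and the article's BSD `_time` (1724316319) is exactly 08:45:19 read as UTC rather than +09:30.

```python
import re
from datetime import datetime, timedelta, timezone

# Lines adapted from the article's "_raw" fields; the SD-ELEMENT is shortened.
RAW_5424 = ('<14>1 2024-08-22T08:46:18+09:30 agix-synology Connection - - '
            '[synolog@6574 event_id="0x0014" username="agix" arg_3="10.1.1.100" '
            'event="User [agix\\] signed in"][meta sequenceId="1"] '
            'User [agix] from [10.1.1.100] signed in to [DSM] successfully via [password].')
RAW_3164 = ('<14>Aug 22 08:45:19 agix-synology Connection: '
            'User [agix] from [10.1.1.100] signed in to [DSM] successfully via [password].')

PARAM = r'[^\s=\]"]+="(?:\\.|[^"\\])*"'
ELEMENT = re.compile(r'\[([^\s=\]"]+)((?: ' + PARAM + r')*)\]')
UTC, ACST = timezone.utc, timezone(timedelta(hours=9, minutes=30))

def pri(value):
    # PRI = facility * 8 + severity in both formats.
    return {"facility": value >> 3, "severity": value & 7}

def parse_5424(raw):
    m = re.match(r'<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$', raw, re.S)
    if not m:
        raise ValueError("not RFC 5424")
    ts, host, app, rest = m[2], m[3], m[4], m[7]
    sd = {}
    while (e := ELEMENT.match(rest)):          # consume consecutive SD-ELEMENTs
        sd[e[1]] = {k: re.sub(r'\\(["\\\]])', r'\1', v) for k, v in
                    re.findall(r'([^\s=\]"]+)="((?:\\.|[^"\\])*)"', e[2])}
        rest = rest[e.end():]
    if not sd and rest.startswith("-"):        # NILVALUE: no structured data
        rest = rest[1:]
    when = None if ts == "-" else datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return {**pri(int(m[1])), "host": host, "appname": app, "sd": sd,
            "message": rest.lstrip(" "), "epoch": when and int(when.timestamp())}

def parse_3164(raw, assume_year, assume_tz):
    # The BSD header has no year and no UTC offset: the receiver must guess both.
    m = re.match(r'<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) '
                 r'([^\s:\[]+)(?:\[\d+\])?: ?(.*)$', raw, re.S)
    if not m:
        raise ValueError("not RFC 3164")
    when = datetime.strptime(f"{assume_year} {m[2]}", "%Y %b %d %H:%M:%S")
    when = when.replace(tzinfo=assume_tz)
    return {**pri(int(m[1])), "host": m[3], "appname": m[4], "sd": {},
            "message": m[5], "epoch": int(when.timestamp())}

if __name__ == "__main__":
    print(parse_5424(RAW_5424)["epoch"], parse_3164(RAW_3164, 2024, UTC)["epoch"],
          parse_3164(RAW_3164, 2024, ACST)["epoch"])
```

Read as UTC, the BSD entry lands 9.5 hours after the RFC 5424 entry; read as +09:30, it lands 59 seconds before it, which matters when correlating logins across sources.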
