log/syslog: generated syslog format is not RFC-compliant #66666
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Go version
go version go1.22.1 linux/amd64
Output of
go env
in your module/workspace:What did you do?
I was tracking down a broken syslog implementation in an application and was surprised that the log/syslog package produces a message format that is not compliant with any of the RFCs specifying valid syslog formats (RFC 3164 and RFC 5424).
Example Code: https://go.dev/play/p/cs5p3N3RZrJ
The format produced by the example code looks like this:
While full compliance with the RFCs is often not necessary, this format prevents even basic parsing of the timestamp and the sending hostname, as many implementations separate the fields by counting whitespaces (after detecting the syslog RFC variant being used).
RFC 3164 says:
hh:mm:ss" (without the quote marks)
RFC 5424 defines:
The current implementation uses the structure of the old RFC 3164 (PRI followed immediately by the TIMESTAMP), but the timestamp is in the RFC3339 format used by the new RFC 5424.
The example message with a RFC 3164 header would look like:
The example message with a RFC 5424 header would look like:
I would suggest to support the new RFC 5424 by adding
1
(¨1" followed by a whitespace) after the PRI field. This should help many implementations parsing syslog messages.If this is accepted, I would be willing to contribute the necessary code changes.
What did you see happen?
A syslog message in a format that is not compliant with RFC 3164 or RFC 5424:
What did you expect to see?
A syslog message with basic compliance with RFC 5424:
The text was updated successfully, but these errors were encountered: