Syslog remote time zone RSYSLOG_SyslogProtocol23Format

https://vyos.dev/T2938 didn’t implement RFC5424 correctly.

The bug is about not sending timezone in logs to remote log collector.

Right now octet additionally set RFC5424, but only and only while protocol is set to TCP and port is set. Default port doesn’t make it work. There are if conditions in code conf-mode: T2938: Add format octet-counted for syslog by sever-sever · Pull Request #573 · vyos/vyos-1x · GitHub

This has huge impact on collecting and browsing logs. While there is no time zone set, then systems collecting logs assume UTC-0 or even worst they own local time zone. In consequence if your local timezone is to the right of globe from UTC-0 all data are in the future and you will never see them with “last hour” etc. People in US would suffer for issue like it is 3 hours ago but should be 1 ago. But while you have UTC+N, then you get data from the future.

How to fix:
There should be option to set format RFC5424 without octet by set system syslog host X.X.X.X format rfc5424 or rather it should be default format for remote.

It should work for both TCP / UDP and also with default ports.

It was TCP in request, so we implemented it.
By the way you should open a new bug-report/feature request on our official bug tracker https://vyos.dev
When it will be task number fill free to claim the task and create a PR
Thanks

Your account has been disabled.

I am trying. If my account for dev will be accepted, then I will add.

hmm it looks like someone deleted my account for https://vyos.dev . I can’t login anymore and it is showing

There is no account associated with that email address.

when I try to reset password.

Please consider to add the task for me, because I can’t.

What’s the username or email used in vyos.dev ? You can send me private message if you want, so we can check it

user name was: kwladyka

https://vyos.dev/T5367