The BSD Syslog Protocol
RFC 3164
Document | Type | RFC - Informational (August 2001; No errata); Obsoleted by RFC 5424
---|---|---
 | Author | Chris Lonvick
 | Last updated | 2013-03-02
 | Stream | Internet Engineering Task Force (IETF)
 | Formats | plain text, html, pdf, htmlized (tools), htmlized, bibtex
Stream | WG state | (None)
 | Document shepherd | No shepherd assigned
IESG | IESG state | RFC 3164 (Informational)
 | Consensus Boilerplate | Unknown
 | Telechat date |
 | Responsible AD | (None)
 | Send notices to | (None)
Network Working Group                                         C. Lonvick
Request for Comments: 3164                                 Cisco Systems
Category: Informational                                      August 2001

                        The BSD syslog Protocol

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   This document describes the observed behavior of the syslog
   protocol.  This protocol has been used for the transmission of event
   notification messages across networks for many years.  While this
   protocol was originally developed on the University of California
   Berkeley Software Distribution (BSD) TCP/IP system implementations,
   its value to operations and management has led it to be ported to
   many other operating systems as well as being embedded into many
   other networked devices.

Table of Contents

   1. Introduction
   1.1 Events and Generated Messages
   1.2 Operations of the Message Receivers
   2. Transport Layer Protocol
   3. Definitions and Architecture
   4. Packet Format and Contents
   4.1 syslog Message Parts
   4.1.1 PRI Part
   4.1.2 HEADER Part of a syslog Packet
   4.1.3 MSG Part of a syslog Packet
   4.2 Original syslog Packets Generated by a Device
   4.3 Relayed syslog Packets
   4.3.1 Valid PRI and TIMESTAMP
   4.3.2 Valid PRI but no TIMESTAMP or invalid TIMESTAMP
   4.3.3 No PRI or Unidentifiable PRI
   5. Conventions
   5.1 Dates and Times
   5.2 Domain Name and Address
   5.3 Originating Process Information
   5.4 Examples
   6. Security Considerations
   6.1 Packet Parameters
   6.2 Message Authenticity
   6.2.1 Authentication Problems
   6.2.2 Message Forgery
   6.3 Sequenced Delivery
   6.3.1 Single Source to a Destination
   6.3.2 Multiple Sources to a Destination
   6.3.3 Multiple Sources to Multiple Destinations
   6.3.4 Replaying
   6.4 Reliable Delivery
   6.5 Message Integrity
   6.6 Message Observation
   6.7 Message Prioritization and Differentiation
   6.8 Misconfiguration
   6.9 Forwarding Loop
   6.10 Load Considerations
   7. IANA Considerations
   8. Conclusion and Other Efforts
   Acknowledgements
   References
   Author's Address
   Full Copyright Statement

1. Introduction

   Since the beginning, life has relied upon the transmission of
   messages.  For the self-aware organic unit, these messages can relay
   many different things.  The messages may signal danger, the presence
   of food or the other necessities of life, and many other things.  In
   many cases, these messages are informative to other units and
   require no acknowledgement.  As people interacted and created
   processes, this same principle was applied to societal
   communications.  As an example, severe weather warnings may be
   delivered through any number of channels - a siren blowing, warnings
   delivered over television and radio stations, and even through the
   use of flags on ships.  The