PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure networks small to very large heterogeneous networks.
This bug report addresses the issue of the syslogtag being limited to 32 characters in the default rsyslog configuration used by PacketFence. This limitation affects logs with long program names such as:
There is no SYSLOG.ident field in syslog forwarding. This field would be highly useful for SIEM systems as it is typically used to identify the program or source generating the syslog message. Including SYSLOG.ident not only improves log clarity but also enhances traceability, making it a valuable addition for better log management and monitoring.
Impacts
The default 32-character limit causes these program names to be truncated, making it difficult to identify the exact source of logs.
Without the SYSLOG.ident field, it becomes more difficult to quickly identify the program or source responsible for generating a syslog message.
Environment
• PacketFence Version: 13.1
• OS: Debian 11 (deployed from PacketFence ZEN appliance image)
It must be the same even for newer versions.
Below is a screenshot from the syslog server as proof.
Description
api-frontend-docker-wrapper[1587 radiusd-load-balancer-docker-wra
Impacts
The default 32-character limit causes these program names to be truncated, making it difficult to identify the exact source of logs.
Without the SYSLOG.ident field, it becomes more difficult to quickly identify the program or source responsible for generating a syslog message.
Environment
• PacketFence Version: 13.1 • OS: Debian 11 (deployed from PacketFence ZEN appliance image) It must be the same even for newer versions.
Below is a screenshot from the syslog server as proof.