papertrail / remote_syslog2

To install, see "Releases" tab. Self-contained daemon for reading local files and emitting remote syslog (without using local syslogd).
http://help.papertrailapp.com/
MIT License

Regarding RFC 5425 compliance (i.e. "Transport Layer Security (TLS) Transport Mapping for Syslog") #231

Open cipriancraciun opened 4 years ago

cipriancraciun commented 4 years ago

According to RFC 5425 "Transport Layer Security (TLS) Transport Mapping for Syslog" -- the counterpart of RFC 5424 -- namely section 4.3 "Sending data", the proper framing for syslog over TCP with TLS is:

APPLICATION-DATA = 1*SYSLOG-FRAME
SYSLOG-FRAME = MSG-LEN SP SYSLOG-MSG
MSG-LEN = NONZERO-DIGIT *DIGIT
SP = %d32
NONZERO-DIGIT = %d49-57
DIGIT = %d48 / NONZERO-DIGIT

(I.e. the message is prefixed with the byte count of the entire frame.)

However, looking in the remote_syslog2 implementation, it seems it just appends an \n (and cleans the original message):

https://github.com/papertrail/remote_syslog2/blob/09062fc2b02aece908d52911f4d2ce54b08732af/syslog/syslog.go#L193-L195

Thus my question is if remote_syslog2 is actually compliant with RFC 5425?

(The documentation doesn't seem to state that it is compliant; however, it keeps mentioning TLS and thus seems to hint so.)
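The two framings discussed in this issue, side by side, with a strict receiver for the RFC 5425 grammar quoted above. This is an added example, not code from remote_syslog2 or from the issue author. The function names, the `maxMsgLen` limit, the sample message and the newline-to-space cleaning are assumptions; per RFC 5425 section 4.3.1, MSG-LEN is computed here as the octet count of SYSLOG-MSG.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
	"strconv"
)

const maxMsgLen = 8192 // assumed receiver limit (RFC 5425: MUST accept 2048, SHOULD accept 8192)

// frameOctetCounted builds one RFC 5425 SYSLOG-FRAME: MSG-LEN SP SYSLOG-MSG.
func frameOctetCounted(msg []byte) []byte {
	return append([]byte(strconv.Itoa(len(msg))+" "), msg...)
}

// frameNewline builds the newline-terminated form the issue describes.
// Replacing embedded newlines with spaces is an assumed form of "cleaning".
func frameNewline(msg []byte) []byte {
	return append(bytes.ReplaceAll(msg, []byte("\n"), []byte(" ")), '\n')
}

// readFrame reads one octet-counted frame and enforces the MSG-LEN grammar
// (NONZERO-DIGIT *DIGIT, then SP), bounding the length before allocating.
func readFrame(r *bufio.Reader) ([]byte, error) {
	n := 0
	for {
		b, err := r.ReadByte()
		if err != nil {
			return nil, err
		}
		if b == ' ' && n > 0 {
			break
		}
		if b < '0' || b > '9' || (n == 0 && b == '0') {
			return nil, fmt.Errorf("invalid MSG-LEN byte %q", b)
		}
		if n = n*10 + int(b-'0'); n > maxMsgLen {
			return nil, fmt.Errorf("MSG-LEN exceeds %d", maxMsgLen)
		}
	}
	msg := make([]byte, n)
	_, err := io.ReadFull(r, msg)
	return msg, err
}

func main() {
	msg := []byte("<13>1 a\nb") // constructed sample with an embedded newline
	fmt.Printf("%q\n%q\n", frameOctetCounted(msg), frameNewline(msg))
}
```

A receiver that accepts only the RFC 5425 framing rejects the newline-terminated stream at its first byte, while the octet-counted form carries the embedded newline through unchanged.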