datatracker.ietf.org
Sign in
Version 5.6.4, 2014-10-13
Report a bug

The BSD Syslog Protocol
RFC 3164

Document type: RFC - Informational (August 2001; No errata)
Obsoleted by RFC 5424
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Document shepherd: No shepherd assigned

IESG State: RFC 3164 (Informational)
Responsible AD: (None)
Send notices to: No addresses provided

Network Working Group                                         C. Lonvick
Request for Comments: 3164                                 Cisco Systems
Category: Informational                                      August 2001

                        The BSD syslog Protocol

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   This document describes the observed behavior of the syslog protocol.
   This protocol has been used for the transmission of event
   notification messages across networks for many years.  While this
   protocol was originally developed on the University of California
   Berkeley Software Distribution (BSD) TCP/IP system implementations,
   its value to operations and management has led it to be ported to
   many other operating systems as well as being embedded into many
   other networked devices.

Table of Contents

   1. Introduction....................................................2
   1.1 Events and Generated Messages..................................3
   1.2 Operations of the Message Receivers............................5
   2. Transport Layer Protocol........................................5
   3. Definitions and Architecture....................................5
   4. Packet Format and Contents......................................7
   4.1 syslog Message Parts...........................................8
   4.1.1 PRI Part.....................................................8
   4.1.2 HEADER Part of a syslog Packet..............................10
   4.1.3 MSG Part of a syslog Packet.................................11
   4.2 Original syslog Packets Generated by a Device.................12
   4.3 Relayed syslog Packets........................................12
   4.3.1 Valid PRI and TIMESTAMP.....................................13
   4.3.2 Valid PRI but no TIMESTAMP or invalid TIMESTAMP.............13
   4.3.3 No PRI or Unidentifiable PRI................................14
   5. Conventions....................................................14
   5.1 Dates and Times...............................................15
   5.2 Domain Name and Address.......................................15

Lonvick                      Informational                      [Page 1]
RFC 3164                The BSD syslog Protocol              August 2001

   5.3 Originating Process Information...............................15
   5.4 Examples......................................................16
   6. Security Considerations........................................18
   6.1 Packet Parameters.............................................19
   6.2 Message Authenticity..........................................19
   6.2.1 Authentication Problems.....................................19
   6.2.2 Message Forgery.............................................20
   6.3 Sequenced Delivery............................................20
   6.3.1 Single Source to a Destination..............................20
   6.3.2 Multiple Sources to a Destination...........................21
   6.3.3 Multiple Sources to Multiple Destinations...................21
   6.3.4 Replaying...................................................22
   6.4 Reliable Delivery.............................................22
   6.5 Message Integrity.............................................22
   6.6 Message Observation...........................................22
   6.7 Message Prioritization and Differentiation....................23
   6.8 Misconfiguration..............................................24
   6.9 Forwarding Loop...............................................24
   6.10 Load Considerations..........................................25
   7. IANA Considerations............................................25
   8. Conclusion and Other Efforts...................................25
   Acknowledgements..................................................26
   References........................................................27
   Author's Address..................................................28
   Full Copyright Statement..........................................29

1. Introduction

   Since the beginning, life has relied upon the transmission of
   messages.  For the self-aware organic unit, these messages can relay
   many different things.  The messages may signal danger, the presence
   of food or the other necessities of life, and many other things.  In
   many cases, these messages are informative to other units and require
   no acknowledgement.  As people interacted and created processes, this
   same principle was applied to societal communications.  As an

[include full document text]