Extend syslogtag limit from 32 characters in rsyslog / add SYSLOG.ident field to syslog forwarding #8316

oldflint89 · 2024-09-19T08:43:12Z

Description

This bug report addresses the issue of the syslogtag being limited to 32 characters in the default rsyslog configuration used by PacketFence. This limitation affects logs with long program names such as:

api-frontend-docker-wrapper[1587
radiusd-load-balancer-docker-wra

There is no SYSLOG.ident field in syslog forwarding. This field would be highly useful for SIEM systems as it is typically used to identify the program or source generating the syslog message. Including SYSLOG.ident not only improves log clarity but also enhances traceability, making it a valuable addition for better log management and monitoring.

The default 32-character limit causes these program names to be truncated, making it difficult to identify the exact source of logs.
Without the SYSLOG.ident field, it becomes more difficult to quickly identify the program or source responsible for generating a syslog message.

• PacketFence Version: 13.1
• OS: Debian 11 (deployed from PacketFence ZEN appliance image)
It must be the same even for newer versions.

Below is a screenshot from the syslog server as proof.

oldflint89 added the Type: Bug label Sep 19, 2024

satkunas assigned fdurand Sep 19, 2024

satkunas added this to the +1 (patch release) milestone Sep 19, 2024

satkunas added the Priority: High label Sep 19, 2024