syslog4j-graylog2 icon indicating copy to clipboard operation
syslog4j-graylog2 copied to clipboard

Published 20 hours ago verified publisher icon graylog-labs

Syslog Server fails to decode message facilities

Open exaSR opened this issue 4 years ago • 0 comments

When receiving syslog messages, the message facility is reported wrongly.

RFC 5424

The Priority value is calculated by first multiplying the Facility number by 8 and then adding the numerical value of the Severity. For example, a kernel message (Facility=0) with a Severity of Emergency (Severity=0) would have a Priority value of 0. Also, a "local use 4" message (Facility=20) with a Severity of Notice (Severity=5) would have a Priority value of 165.

While the sending part of syslog4j is doing things right, the receiving part is not, and SyslogUtility fails to properly decode the facilities due to wrong constants in SyslogConstants.

exaSR avatar Jan 28 '21 09:01 exaSR