Improve RFC-compliant Syslog receiver with TCP/UDP and TLS support

Open JocLRojas opened this issue 1 month ago • 0 comments

Describe the feature

Implement a standards-compliant syslog message receiver that supports multiple transport protocols and framing methods according to IETF RFCs. The module should handle:

  • Automatic framing detection (RFC 6587):
    • Octet counting format
    • Newline-delimited format
  • Transport protocols:
    • UDP (RFC 5426)
    • TCP (RFC 6587)
    • TLS over TCP (RFC 5425)
  • Message validation per RFC 5424 size requirements (480-8192 bytes)
  • Compatibility with both legacy (RFC 3164) and modern (RFC 5424) syslog formats

Use Case

Enterprise SIEM deployments need to:

  1. Receive logs from heterogeneous devices (Cisco, Fortinet, Palo Alto, Linux/Windows servers) using different syslog implementations
  2. Secure sensitive data in transit using TLS encryption
  3. Handle large messages reliably without fragmentation or data loss
  4. Reduce operational complexity through automatic format detection

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • [x] I may be able to implement this feature request
  • [ ] This feature might incur a breaking change

JocLRojas Nov 12 '25 22:11
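
One way the per-message framing detection requested above could work on a TCP or TLS stream, as an added Go example that is not part of the issue or of UTMStack's code. `ReadFrame`, `readUntil`, `MaxMsgLen` and `ErrFraming` are hypothetical names; the 8192-byte cap is the upper bound stated in the issue, and both the length prefix and the newline scan are bounded so a peer cannot force unbounded buffering.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"strconv"
	"strings"
)

const MaxMsgLen = 8192 // cap from the issue; all names here are illustrative
var ErrFraming = errors.New("syslog: invalid or oversized frame")

// readUntil reads to delim but fails past limit bytes: no unbounded buffering.
func readUntil(r *bufio.Reader, delim byte, limit int) (out []byte, _ error) {
	for len(out) <= limit {
		b, err := r.ReadByte()
		if err != nil || b == delim {
			return out, err
		}
		out = append(out, b)
	}
	return nil, ErrFraming
}

// ReadFrame returns the next frame and whether it was octet-counted.
func ReadFrame(r *bufio.Reader) ([]byte, bool, error) {
	if first, err := r.Peek(1); err != nil {
		return nil, false, err
	} else if first[0] == '<' { // PRI comes first: newline-delimited frame
		msg, err := readUntil(r, '\n', MaxMsgLen)
		return msg, false, err
	}
	lenStr, err := readUntil(r, ' ', 4) // else "MSG-LEN SP MSG", max 4 digits
	n, convErr := strconv.ParseUint(string(lenStr), 10, 16)
	if err != nil || convErr != nil || n == 0 || n > MaxMsgLen {
		return nil, true, ErrFraming
	}
	msg := make([]byte, n) // allocation is bounded by MaxMsgLen
	_, err = io.ReadFull(r, msg)
	return msg, true, err
}

func main() { // constructed sample stream mixing both framings
	r := bufio.NewReader(strings.NewReader("11 <34>1 hello<13>legacy msg\n"))
	for m, oc, err := ReadFrame(r); err == nil; m, oc, err = ReadFrame(r) {
		fmt.Printf("octet-counted=%v %q\n", oc, m)
	}
}
```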