How to configure rsyslogd to emit rfc5424 messages?

I want to configure my Linux machine using rsyslogd with the simplest yet standard way. I’ll save all the logs to /var/log/syslog with rotation.

From my research it looks like the standard syslog format is defined by rfc5424, and I assume rsyslogd supports that format out of the box.

Yet I can’t find any built-in template for rfc5424 in the rsyslogd documentation.

So how can I configure my rsyslogd for rfc5424 format?

Asked By: Avi Shukron


Rsyslog has a built-in template named RSYSLOG_SyslogProtocol23Format which is RFC5424 compatible.

Beats me why it does not define a template with more explicit name…

Answered By: Avi Shukron

Adding to what Avi said, to make RFC424 the default you can use:

For writing to files:

$ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format

For sending to the network

$ActionForwardDefaultTemplate RSYSLOG_SyslogProtocol23Format
Answered By: Ben Aveling
