Syslog Standards: RFC3164 vs RFC5424

This page provides a clear and concise comparison between the old syslog standard (RFC 3164) and the modern format (RFC 5424). Whether you're working with legacy systems or modern log management tools, understanding the differences in structure, features, and formatting helps ensure better log parsing, monitoring, and compliance across systems.

Comparison Table

Field	RFC3164 (Old Format)	RFC5424 (New Format)
Example	`<35>Oct 12 22:14:15 client_machine su: 'su root' failed...`	`<35>1 2013-10-11T22:14:15.003Z client_machine su - - - 'su root' failed...`
Timestamp	BSD-style (no year, no timezone)	ISO-8601 with milliseconds and timezone
Priority Field	Numeric value `<Facility * 8 + Severity>`	Same as RFC3164
Hostname	`client_machine`	`client_machine`
Structured Data	Not supported	Supported (e.g. `[exampleSDID@32473 iut="3"]`)
Max Length	~1024 bytes (typical)	Configurable, supports larger payloads

Syslog Priority Matrix: Facility × Severity

Facility-Severity	0 Emergency	1 Alert	2 Critical	3 Error	4 Warning	5 Notice	6 Informational	7 Debug
0 - Kernel	0	1	2	3	4	5	6	7
1 - User	8	9	10	11	12	13	14	15
2 - Mail	16	17	18	19	20	21	22	23
3 - Daemon	24	25	26	27	28	29	30	31
4 - Auth	32	33	34	35	36	37	38	39
5 - Syslog	40	41	42	43	44	45	46	47
6 - LPR	48	49	50	51	52	53	54	55
7 - News	56	57	58	59	60	61	62	63
8 - UUCP	64	65	66	67	68	69	70	71
9 - Cron	72	73	74	75	76	77	78	79
10 - AuthPriv	80	81	82	83	84	85	86	87
11 - FTP	88	89	90	91	92	93	94	95
12 - NTP	96	97	98	99	100	101	102	103
13 - LogAudit	104	105	106	107	108	109	110	111
14 - LogAlert	112	113	114	115	116	117	118	119
15 - ClockDaemon	120	121	122	123	124	125	126	127
16 - Local0	128	129	130	131	132	133	134	135
17 - Local1	136	137	138	139	140	141	142	143
18 - Local2	144	145	146	147	148	149	150	151
19 - Local3	152	153	154	155	156	157	158	159
20 - Local4	160	161	162	163	164	165	166	167
21 - Local5	168	169	170	171	172	173	174	175
22 - Local6	176	177	178	179	180	181	182	183
23 - Local7	184	185	186	187	188	189	190	191

Recommendation

If your logging infrastructure supports RFC5424, it's generally recommended to adopt it due to its structured format, full timestamps with timezone info, and better compatibility with modern log aggregation tools like Splunk, Graylog, and Elasticsearch.

Reference Links

Syslog Standards: A simple Comparison between RFC3164 & RFC5424

Syslog Standards: A simple Comparison between RFC3164 (old format) & RFC5424 (new format) Though syslog standards have been for quite long time, lot of people still doesn't understand the formats in detail. The original standard document is quite lengthy to read and purpose of this article is to explain with examples Some of things you might need to understand The RFC standards can be used in any syslog daemon (syslog-ng, rsyslog etc.) Always try to capture the data in these standards. Especially when you have log aggregation like Splunk or Elastic, these templates are built-in which makes your life simple. Syslog can work with both UDP & TCP Link to the documents the original BSD format ( RFC3164 ) the “new” format ( RFC5424 ) RFC3164 (the old format) RFC3164 originated from combining multiple implementations (Year 2001) ...

Create your own Passport Photo using GIMP

This tutorial is for semi-techies who knows a bit of GIMP (image editing). This tutorial is for UK style passport photo ( 45mm x 35 mm ) which is widely used in UK, Australia, New Zealand, India etc. This is a quick and easy process and one can create Passport photos at home If you are non-technical, use this link . If you want to create United States (USA) Passport photo or Overseas Citizen of India (OCI) photo, please follow this link How to Make your own Passport Photo - Prerequisite GIMP - One of the best image editing tools and its completely Free USB stick or any memory device to store and take to nearby shop A quality Digital camera Local Shops where you can print. Normally it costs (£0.15 or 25 US cents) to print 8 photos Steps (Video Tutorial attached blow of this page) Ask one of your colleague to take a photo of you with a light background. Further details of how to take a photo yourself ...

VS Code & Portable GIT shell integration in Windows

Visual Studio Code & GIT Portable shell Integration Summary Many of your corporate laptop cannot install programs and it is quite good to have them as portable executables. Here we find a way to have Portable VS Code and Portable GIT and integrate the GIT shell into VS Code Pre-Reqs VS Code (Install version or Portable ) GIT portable Steps Create a directory in your Windows device (eg: C:\installables\ ) Unpack GIT portable into the above directory (eg it becomes: C:\installables\PortableGit ) Now unpack Visual Studio (VS) Code and run it. The default shell would be windows based Update User or Workspace settings of VS Code (ShortCut is: Control+Shift+p ) Search for 'Open Workspace Settings (JSON)' and press Enter Update the settings with following setting { "workbench.colorTheme": "Default Dark+", "git.ignoreMissingGitWarning": true, "git.enabled": true, "terminal.integrated.profiles.windo...

DiaryFolio

Search This Blog