wintermute_uk
Oct 09, 2023 Aspirant
Syslog TCP | logs truncate via UDP
Problem:
- Logs with a length greater than 1033 chars truncate using syslog (UDP)
- There is no option for Syslog via TCP in the WAX series products
- I am sending logs to a Linux syslog platform...
schumaku
Oct 09, 2023 Guru - Experienced User
wintermute_uk
Request:
- Please add TCP as a feature option to the product
No way. According to RFC3164, syslog does only make use of UDP.
This is backed by the IANA definition:
The syslog protocol has been assigned UDP port 514. This port assignment will be maintained by IANA exclusively for this protocol.
Last, according to RFC3164 section 4.1, Syslog Message Parts:
The full format of a syslog message seen on the wire has three discernable parts. The first part is called the PRI, the second part is the HEADER, and the third part is the MSG. The total length of the packet MUST be 1024 bytes or less. There is no minimum length of the syslog message although sending a syslog packet with no contents is worthless and SHOULD NOT be transmitted.
Time for some brainstorming for Netgear to shorten this over-long text in the MSG part?
- wintermute_uk Oct 09, 2023 Aspirant
Hey schumaku, it's good to review credible docs such as IETF, but I'm afraid your data is out of date. Many platforms now offer SSL / TCP or UDP based transmission of Syslog. Syslog is both a message format and method of transport, and there are more up-to-date IETF docs mentioning TCP based transmission.
I'm a cyber security professional and I regularly work with platforms such as Palo Alto Firewalls (a market leader) and for the benefit of the discussion I have taken a screenshot of what top tier vendors offer:
Netgear should offer it as a Layer 4 Transport protocol to transmit the Syslog messages.
- schumaku Oct 09, 2023 Guru - Experienced User
Perfectly understand the aim of enhancing security for the decades-old BSD syslog - in fact TLS is the preferred way over UDP - it's part of RFC5424 transport proposal. Naked TCP isn't. Don't remember when exactly we had started adding TLS in enterprise log collecting applications ... things I've done in my previous life, round the Y2K change times. From there I am aware about the limited data sizes supported either way. Note: I don't talk as Netgear here, I'm not carrying a Netgear badge, nor am I paid or compensated in any way for the effort I'm doing here in the Netgear Community.
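For anyone running the collector side of this, the following added example (not code from either poster or from Netgear) flags UDP datagrams that exceed the RFC 3164 limit or fill the sender's cutoff, and shows octet-counted framing, the length-prefix scheme RFC 5425 specifies for syslog over TLS, carrying a long message intact. It assumes the 1033 characters reported in the thread are single-byte characters; all function names and the sample message are constructed for illustration.

```python
import re

RFC3164_MAX = 1024  # bytes; limit from RFC 3164 section 4.1 as quoted in the thread
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(datagram: bytes):
    """Return (facility, severity), or None when the PRI part is missing or invalid."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the highest valid PRI
        return None
    return divmod(int(m.group(1)), 8)

def inspect_datagram(datagram: bytes, sender_cutoff: int = RFC3164_MAX) -> dict:
    """Classify one UDP syslog datagram as the collector received it."""
    pri = parse_pri(datagram)
    return {
        "valid_pri": pri is not None,
        "facility": pri[0] if pri else None,
        "severity": pri[1] if pri else None,
        "length": len(datagram),
        "over_rfc3164": len(datagram) > RFC3164_MAX,
        # A datagram that exactly fills the sender's cutoff has probably lost its tail.
        "likely_truncated": len(datagram) >= sender_cutoff,
    }

def frame_octet_counted(msg: bytes) -> bytes:
    """Prefix a message with its byte length (octet counting, as in RFC 5425)."""
    return str(len(msg)).encode() + b" " + msg

def read_octet_counted(stream: bytes) -> list:
    """Split a buffer of octet-counted frames back into complete messages."""
    msgs, pos = [], 0
    while pos < len(stream):
        sp = stream.index(b" ", pos)
        end = sp + 1 + int(stream[pos:sp])
        if end > len(stream):
            raise ValueError("incomplete frame, wait for more data")
        msgs.append(stream[sp + 1:end])
        pos = end
    return msgs

if __name__ == "__main__":
    # Constructed sample: a 1505-byte message cut at the 1033 bytes reported above.
    full = b"<134>" + b"A" * 1500
    print(inspect_datagram(full[:1033], sender_cutoff=1033))
    print(len(read_octet_counted(frame_octet_counted(full))[0]))
```
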