Dealing with multiple syslog protocols in syslog-ng made easy
There are multiple syslog protocols with multiple variants. The new transport(auto) option of the syslog() source in syslog-ng allows you to support all TCP-based variants with a single source driver.
When it comes to syslog, there are many transport options. RFC3164 describes the “legacy” or “BSD” syslog protocol, while RFC5424 refers to the “new” syslog protocol (which is also more than a decade old now… :-) ). RFC5424-formatted messages normally come with framing or octet counting (as per RFC6587), where messages are prefixed with the length of the message. And just to add to the confusion, some software uses RFC5424 message formatting, but without octet counting.
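To make the difference between these variants concrete, here is an added example (not from the original post, and not syslog-ng's own detection logic) that splits a TCP byte stream into messages and labels each one by framing and header format. The regular expressions, the MAX_MSG_LEN cap and the sample messages are assumptions made for illustration; the sample stream mixes all three variants on one connection only to keep the demonstration short.

```python
import re

MAX_MSG_LEN = 64 * 1024  # assumed cap so a hostile length prefix cannot force huge buffering

OCTET_COUNT = re.compile(rb"([1-9][0-9]*) ")          # RFC 6587: MSG-LEN SP SYSLOG-MSG
RFC5424_HDR = re.compile(rb"<\d{1,3}>[1-9]\d{0,2} ")  # <PRI>VERSION SP
RFC3164_HDR = re.compile(rb"<\d{1,3}>")               # <PRI> followed by a BSD timestamp


def message_format(msg: bytes) -> str:
    """Classify one message by its header."""
    if RFC5424_HDR.match(msg):
        return "rfc5424"
    if RFC3164_HDR.match(msg):
        return "rfc3164"
    return "unknown"


def split_stream(buf: bytes):
    """Split a TCP byte stream into (framing, format, message) tuples.

    Returns the parsed messages and the unconsumed tail (an incomplete frame).
    """
    out = []
    while buf:
        m = OCTET_COUNT.match(buf)
        if m:  # length prefix present: octet counting
            length, start = int(m.group(1)), m.end()
            if length > MAX_MSG_LEN:
                raise ValueError(f"declared length {length} exceeds cap")
            if len(buf) < start + length:
                break  # frame not complete yet, wait for more bytes
            msg, buf = buf[start:start + length], buf[start + length:]
            out.append(("octet-counted", message_format(msg), msg))
        else:  # no length prefix: newline-terminated message
            nl = buf.find(b"\n")
            if nl < 0:
                break
            msg, buf = buf[:nl], buf[nl + 1:]
            out.append(("newline", message_format(msg), msg))
    return out, buf


# Constructed sample messages, not captured traffic.
MSG_5424 = b"<34>1 2024-01-01T00:00:00Z host1 app 123 ID47 - framed message"
MSG_3164 = b"<13>Jan  1 00:00:00 host1 app: legacy message"
STREAM = str(len(MSG_5424)).encode() + b" " + MSG_5424 + MSG_5424 + b"\n" + MSG_3164 + b"\n"

if __name__ == "__main__":
    for framing, fmt, msg in split_stream(STREAM)[0]:
        print(framing, fmt, msg.decode())
```

A newline-terminated message that carries no <PRI> header and happens to start with digits followed by a space would be misread as a length prefix here, which is one reason heuristic detection needs a sane length cap.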
Read more at https://www.syslog-ng.com/community/b/blog/posts/dealing-with-multiple-syslog-protocols-in-syslog-ng-made-easy
