MonitorWare Knowledge Base

RFC 3164 refers to another RFC for the validity of the HOSTNAME field in syslog message. I couldn't find the proper info in the referred RFC. What characters does rsyslog treats as valid HOSTNAME field in syslog message to be relayed?

In particular, Is '@' a valid character in HOSTNAME field of syslog message? SyslogNg treats '@' a valid HOSTNAME character. Not sure what is their source of information.

appreciate any pointers.

• Custom written rsyslog.conf?
• Maintenance Contract?
• Installation support?

I need to check, but we are quite liberal in what we accept. Technically, @ is an invalid character, but I think it's still allowed. Will post when I know exactly.

OK, I checked. '@' is valid, as are a lot of other characters, which are not permitted in hostnames. You may have a look at the code here:

http://rsyslog.cvs.sourceforge.net/rsys ... kup#l_3016

Hostname is delimited by ' ', ':'. These identify a hostname to acutally be a tag: '[', ']' and '/'.

HTH,
Rainer

Thanks for your investigation. Do you have any reference to RFC which states '@' is indeed a valid character allowed in HOSTNAME field of syslog?

It is *not* a valid character, we just accept it. Please note that RFC 3164 is only an informational document, not a standard. Also, if you read it closely, it simply allows anything. RFC 3195 (a real standard) has made some restrictions. 3195 is not yet of any relevance in practice. There is a new standardization effort ongoing, which's outcome is quite in doubt. See the IETF syslog-sec home page if you'd like to further investigate.

Also, if you provide me some more information on why this question is important to you, I can probably provide some better advise.

Thanks,
Rainer