Does Syslog really have a 1KB message limit?

JL. picture JL. · Jan 6, 2010 · Viewed 36.2k times · Source

It seems Syslog has a 1KB message limit. Is this hardcoded into the Syslog protocol, or is this a parameter that can be set for each server?

I am hoping the article I read was out of date, so if you have any info please share.

Answer

janneb picture janneb · Jan 6, 2010

This is correct, as can be seen in the syslog protocol RFC. This, and other deficiencies in the syslog protocol, is the reason why modern syslog daemons such as rsyslog support enhanced protocols with features such as TCP transport, encryption etc. There was also some effort within the IETF to standardize an improved syslog protocol, which resulted in RFC5424, RFC5425, and RFC 5426. Here, the minimum maximum message size is relatively small (depending on the transport layer), however implementations are allowed to support larger messages as well.