Submit a ticketCall us

AnnouncementsAre You “Flying Blind?”

When it comes to your complex IT infrastructure, you want to ensure you have a good grasp of what’s going on to avoid any fire drills that result from guesswork. Read our white paper to learn how proactively monitoring your IT environment can help your organization while giving you peace of mind.

Get your free white paper.

Home > Success Center > Log & Event Manager (LEM) > Log & Event Manager (LEM) Documentation > Log forwarding RFC message formats in LEM

Log forwarding RFC message formats in LEM

Table of contents
No headers

Updated: September 4, 2018

LEM supports log forwarding in two RFC formats: RFC 3164 and RFC 5424. Unlike RFC5424, RFC3164 does not contain the year or time zone in the message header.

See the following message examples:

  • RFC3164: Jul 12 11:11:11 appName: RFC3164 message 
  • RFC5424: 2018-07-12T11:11:11.111Z appName pid - - RFC5424 message
  • You can specify a token using RFC 5424, which is mandatory for forwarding to Loggly.
  • Both formats can be logged by endpoint in a different format. For example, you can convert the timestamp to a Linux timestamp.

Raw message example:

facility: local use 0 (local0)
severity: Warning
message example: <132> Jul 12 11:11:11 appName: RFC3164 message
message example: <132>1 2018-07-12T11:11:11.111Z appName pid - - RFC5424 message

When choosing a format, consider the supported formats related to other SolarWinds products and features:

  • Orion Logs: Both 
  • Kiwi Syslog: RFC3164
  • Loggly: Both
  • Syslog-ng: Depends on the configuration
  • Papertrail: Both



Last modified