A change to bring syslogd into RFC5426 land *enforces* a max. length of 480 characters, while the RFC clearly states:
3.2. Message Size
IPv4 syslog receivers MUST be able to receive datagrams with message
sizes up to and including 480 octets. IPv6 syslog receivers MUST be
able to receive datagrams with message sizes up to and including 1180
octets. All syslog receivers SHOULD be able to receive datagrams
with message sizes of up to and including 2048 octets. The ability
to receive larger messages is encouraged.
So, please, issue a fix for this. The size the implementation must
minimaly support should not be the size the implementation can maximally support.
this bugs affects everyone - is there any value in updating it? I can't change it myself.
This bug is still in 12.1-RELEASE and is causing lots of confusion.
Using -O bsd/rfc3164 should not truncate outbound IPv4/IPv6 syslog messages, while issuing syslogd with -O syslog/rfc5424 should truncate outbound IPv4 messages at 480 octets and IPv6 messages at 1180 octets.
By reading syslogd.c it is clear that the truncating of message happens regardless of which option was set.
I would appreciate it very much if someone with better knowledge than I could propose a patch.
To further pinpoint the issue, the error occurs while relaying syslog from one UDP source to a UDP destination. Other variants have not been tested by me.