BSD-syslog or legacy-syslog messages

New to AxoSyslog? AxoSyslog is a binary compatible syslog-ng replacement, from the original creator, developed by the same team.

Same architecture, same config files, same paths. Cloud-native images, fast releases, modern observability (OTel, K8s, Windows), and powerful data processing: read more about the differences between AxoSyslog and syslog-ng.

Also, it’s super easy to install, and you can upgrade from syslog-ng in minutes.

This section describes the format of a syslog message, according to the legacy-syslog or BSD-syslog protocol. A syslog message consists of the following parts:

The total message cannot be longer than 1024 bytes.

The following is a sample syslog message

<133>Feb 25 14:09:07 webserver syslogd: restart

The message corresponds to the following format:

<priority>timestamp hostname application: message

The different parts of the message are explained in the following sections.

Note The AxoSyslog application supports longer messages as well. For details, see the log-msg-size() option in Global options reference. However, it is not recommended to enable messages larger than the packet size when using UDP destinations.

The PRI message part

The HEADER message part

The MSG message part

Last modified July 7, 2025: Adds banner to high-traffic pages (8f28f4e)