Hi all, 

Is there a way to configure syslog-ng to process properly both RFC3164 and RFC5124 on the same listening port ? 

The scenario is a bunch of devices sending traffic to one  syslog server port (both udp + tcp) with the senders typically not knowing what protocol they are sending. 

We are running syslog-ng 3.13 with this setup: 

source s_syslog { udp(ip(0.0.0.0) port(514)) ; 

                             tcp(ip(0.0.0.0)  port(514)); }

 If needed we could upgrade syslog-ng to 3.19.1 but having checked the doc for 3.19, it seems that the solution would be to create 2 source entries, 1 for RFC3164 with network() and 1 for RFC5124 with  syslog().  Neverthless, these 2 sources would have to listen on *different* ports and that is the problem for us.

Note that we also have an identical issue with cisco traffic, since it's not RFC compliant, syslog-ng adds automatically a header with  timestamp and hostname. 

Thank you.