Omada Controller "Remote Logging" seems broken
Omada Controller's "remote logging" seems broken. It seems TP-Link doesn't follow the "obsoleted" bsd syslog protocol, not even the latest one published back in 2009.
RFC3164 - BSD Syslog Protocol (obsolete by RFC5424)
RFC5424 - Syslog Protocol (Obsoletes RFC3164)
We configured the Omada Controller to "remote log". On the other end, we use a very popular agent named Telegraf. It supports both the old and new syslog protocols.
In Telegraf, we tried both protocols and none worked. In Telegraf, enabling the "best_effort" option didn't help either.
best_effort : instructs the parser to extract partial but valid info from syslog messages. If unset only full messages will be collected.
In the end messages can't be read by Telegraf.
Per the tests, it seems you guys have close to RFC3164. The timestamp and severity level are there but the remaining of the information is either complitely missing and/or not properly aligned in the message created by the Omada software.
It's going to be a big blocker to move with TP-Link. Data is crucial for security systems that injest the "network" information and based on the analysis of the data, it can take immediate action and prevent a hacker to achieve its goal.
@Fae low priority, could you check if the dev team could do a quick fix the logging? If the current function to send a message is missing any field, a temporary fix is set it to a "-" (dash). I estimate a senior dev person can do a fix in ~1h30-2h30 work, this would make the product compliant to at least 1 RFC.
We're using current latest Omada Controller v5.0.30 in a docker instance.