Lot of good points mentioned there, and I totally agree that RFC5424 should be used, that mean including TCP as transport protocol for syslog messages. RFC5424 is a TRUE syslog standard, where BSD is not, itβs just an observation whatβs going in the wild.
In mean time I was wondering is it possible to force ROS to include kind of timestamp like with router serial. I can take any option, as before logs reach Splunk Iβm using suslog-ng to play with incoming logs and βrefineβ them before sending on to HEC endpoint.