https://forum.vyos.io/t/syslog-remote-time-zone-rsyslog-syslogprotocol23format/11555
The bug is that the time zone is not sent in logs forwarded to a remote log collector.
vyos doc: https://docs.vyos.io/en/equuleus/configuration/system/syslog.html#remote-host
What is rfc5424: https://datatracker.ietf.org/doc/html/rfc5424
current implementation: https://github.com/vyos/vyos-1x/pull/573
What is the problem?
Logs are sent without a time zone, which means the server that collects them can't determine the time zone, so it assumes UTC.
As a consequence, if you live on the right side of the globe relative to UTC-0, you have data from the future. "Last hour" logs don't show fresh logs, because the new ones are in the future. Data from the future is a problem in general.
If you live on the left side of the globe, then your logs are, for example, -3 hours.
How to fix:
The assumption that the server collecting logs has the same time zone set as all VyOS servers is wrong. The time zone should always be sent. Make the rfc5424 standard the default one and always use it for remote servers. Sending logs to a remote server without a time zone is not good practice.
If you don't want to make it the default behaviour, add an option: set system syslog host X.X.X.X format rfc5424.
Please note that rfc5424 works for both TCP and UDP and doesn't need a custom port to be set. Right now the code has if conditions for protocol TCP and a custom port.
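
The skew described under "What is the problem?" and the effect of the rfc5424 format proposed under "How to fix", shown from the collector's side. This is an added example, not code from VyOS or rsyslog; the function names, the host name "vyos" and the log lines are constructed for illustration, and the collector is assumed to fall back to UTC when no zone is sent.

```python
import re
from datetime import datetime, timezone

# After the <PRI> field: "1 <RFC 3339 timestamp>" is RFC 5424,
# "Mmm dd hh:mm:ss" is the legacy (RFC 3164 style) header.
RFC5424 = re.compile(r"^<\d{1,3}>1 (\S+) ")
LEGACY = re.compile(r"^<\d{1,3}>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) ")

def event_time_utc(line, year, assumed_tz=timezone.utc):
    """Event time in UTC as a collector would compute it (hypothetical helper)."""
    m = RFC5424.match(line)
    if m:
        # The offset travels with the message, so nothing has to be assumed.
        ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
        if ts.tzinfo is None:
            raise ValueError("RFC 5424 timestamp without an offset")
        return ts.astimezone(timezone.utc)
    m = LEGACY.match(line)
    if m:
        # Neither year nor zone is on the wire: the collector supplies both.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        return ts.replace(tzinfo=assumed_tz).astimezone(timezone.utc)
    raise ValueError("unrecognised syslog header")

def skew(line, true_utc, year=2023):
    """Positive result: the collector places the event in the future."""
    return event_time_utc(line, year) - true_utc

# Constructed samples: one event at 19:14:15 UTC, logged by a router whose
# clock is set to UTC+3 (east of UTC) or UTC-3 (west of UTC).
TRUE_UTC = datetime(2023, 10, 11, 19, 14, 15, tzinfo=timezone.utc)
LEGACY_EAST = "<190>Oct 11 22:14:15 vyos sshd[1234]: constructed sample"
LEGACY_WEST = "<190>Oct 11 16:14:15 vyos sshd[1234]: constructed sample"
RFC5424_EAST = "<190>1 2023-10-11T22:14:15+03:00 vyos sshd 1234 - - constructed sample"
RFC5424_WEST = "<190>1 2023-10-11T16:14:15-03:00 vyos sshd 1234 - - constructed sample"

if __name__ == "__main__":
    for name in ("LEGACY_EAST", "LEGACY_WEST", "RFC5424_EAST", "RFC5424_WEST"):
        print(f"{name:13} skew at collector: {skew(globals()[name], TRUE_UTC)}")
```

With the legacy header the same event lands three hours ahead or three hours behind depending on the sender's zone, while the RFC 5424 lines resolve to the true time on any collector.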