Rsyslog: Leading space in RFC5424 formatted messages

When leveraging the RSYSLOG_SyslogProtocol23Format template for sending messages, the MSG field contains a leading space.

The following configuration is being used:

$ActionQueueFileName name1
$ActionQueueMaxFileSize 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
$DefaultNetstreamDriverCAFile /path/to/CA.crt
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer syslog.domain.com
*.* @@(o)syslog.domain.com:1234;RSYSLOG_SyslogProtocol23Format

Issuing the command logger test123 results in the following message being sent to the server. Note the two spaces after the NILVALUE for the structured data field:
<13>1 2014-11-21T19:02:19.219331-06:00 host1 user1 - - -  test123

The above log is mapped to RFC5424 mesage format as follows:
PRI = <13>
VERSION = 1
TIMESTAMP = 2014-11-21T19:02:19.219331-06:00
HOSTNAME = host1
APP-NAME = user1
PROC-ID = -
MSGID = -
STRUCTURED-DATA = -
MSG = ' test123'

The value of the MSG field is enclosed in single quotes above to illustrate the leading space in the message. Every message sent by this server has the leading space. The above is just an example using logger.

rsyslogd 8.4.2, compiled with:
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: No
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
Number of Bits in RainerScript integers: 64

This behavior can be observed in the packet capture of this traffic as well (TLS disabled to test of course).
0x0070: 202d 202d 2020 7465 7374 3132 330a .-.-..test123.

If there is any additional information I can provide or if my test case/config is flawed please let me know. Thanks! :smile: