Standards the syslog data should follow:
Message format: rfc5424
Transport encapsulation: rfc6587 Octet Counting
Non-compliance with these:
1). Trailing space at the end of log messages:
Messages sent by AM / DJ only contain the STRUCTURED-MSG part and leave out the optional [SP MSG] part. According to the RFC, they should end with the last "]" of that part. But they end with a space.
2). Disallowed characters in APP-NAME and SD-ID:
The fields APP-NAME and SD-ID both contain spaces, which is not allowed by RFC5424 and makes the format ambiguous due to space being the field delimiter.
The relevant code can is part of the commons audit: