Hi All! Currently I'm implementing a syslog client which I'm debugging using Wireshark. The messages I'm intending to send shall conform to RFC5424. It seems, that Wireshark recognizes almost all parts of my messages, except the message itself. It decodes MSGID as expected but assigned it all remaining data. According to RFC5424 MSGID is followed by SP STRUCTURED-DATA [SP MSG]. So I would expect, that at lest the SP after MSGID shall be easily identifiable. Is there any reason why thats not done or is my message faulty? (My MSGID is just some ASCII characters conforming to PRINTUSASCII.) Thank You! Pauliman