loki.source.syslog - rfc 5424 and 3164 on the same listener. "alternative format" for parsing similar to stage.timestamp

[Nachtfalkeaw]

Request

Grafana alloy loki.source.syslog allows to ingest syslog with rfc 5424 OR 3164 on one listener.

I would like to see a similar behaviour as in "loki.process --> stage.timestamp" with the format. You may define a primary format and add additional different formats. If the first does not match the second, third, ... is used to parse the timestamp.

I would like to see a similar behaviour in loki.source.syslog. I like to define the primary format of the syslog messages e.g. rfc5424 on ip 10.10.10.10 and port 514 and protocol tcp and if the log can not be parsed instead of dropping the message forward it to the next format rfc316f and parse it there if possible and if not drop it.

From my limited point of view how the parsing works we just need a check before dropping the message if it should be forwarded to another parser or not.

I opened a Feature request here but I am not sure if we need this or if this can be solved in alloy only.
leodido/go-syslog#24
#2275

Use case

You need separate listenere for both rfc, which is bad for enduser experience. They need to know which protocol to use and which port to address. Sometimes applications or appliances do not allow these configurations and you have to use it as it is.