Conversation

Spferical (Contributor) commented Dec 19, 2025

One line description of pull request

Adds syslog fields for facility, identifier, and raw message

Description:

This PR adds facility and identifier to syslog output events. It also adds a raw message field, which includes the original unmodified syslog message for further inspection, in addition to the reconstructed message already produced in regular Plaso message output.

Note: I looked into getting some fresh example rsyslog output with the identifier set by running an alpine podman image, but I found it a bit difficult to configure it to look correct. After apk add rsyslog, apk add util-linux (for logger), configuring module(load="builtin:omfile" Template="RSYSLOG_SyslogProtocol23Format"), and running rsyslogd -n & and logger --rfc5424 --msgid "123" "This is a test message", I got the interesting log line:

<13>1 2025-12-19T23:47:48.185382+00:00 2cc32a98e28e 1 - - -  2025-12-19T23:47:48.185347+00:00 2cc32a98e28e root - 123 [timeQuality tzKnown="1" isSynced="0"] This is a test message

Notes:

All contributions to Plaso undergo code review.
This makes sure that the code has appropriate test coverage and conforms to the
Plaso style guide.

One of the maintainers will examine your code, and may request changes. Check off the items below in
order, and then a maintainer will review your code.

Checklist:

  • No new dependencies are required or l2tdevtools has been updated.
  • Test data has a Plaso compatible license. If the test data was not authored by you (the contributor), make sure to mention its original source in ACKNOWLEDGEMENTS.
  • Reviewer assigned.
  • Automated checks (GitHub Actions, AppVeyor) pass.
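The rsyslog line quoted in the description above, parsed into the facility and message-identifier fields this PR adds. This is an added example and not Plaso's own parser: the facility and severity tables are the standard RFC 5424 ones, but the SyslogEvent fields, the output_fields key names and the second sample line (labelled constructed) are illustrative choices made here. Running it on the quoted line shows why that line is "interesting": rsyslog's own header carries MSGID "-" (NILVALUE), while the "123" passed to logger ends up inside the message body, so an identifier field populated from the header alone is empty for it.

```python
"""RFC 5424 syslog header parser (added example, not Plaso code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# Standard RFC 5424 facility codes, index = facility number (PRI >> 3).
FACILITY_NAMES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
    "solaris-cron", "local0", "local1", "local2", "local3", "local4",
    "local5", "local6", "local7",
]
# Standard RFC 5424 severity codes, index = severity number (PRI & 7).
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# One STRUCTURED-DATA element: [SD-ID PARAM="VALUE" ...]. Values may contain
# the escapes \" \] and \\, which the (?:[^"\\]|\\.)* alternation accepts.
_SD_ELEMENT_RE = re.compile(
    r'\[(?P<id>[^\s\]="]+)(?P<params>(?:\s+[^\s=\]]+="(?:[^"\\]|\\.)*")*)\]')
_SD_PARAM_RE = re.compile(r'(?P<name>[^\s=\]]+)="(?P<value>(?:[^"\\]|\\.)*)"')

# HEADER SP STRUCTURED-DATA [SP MSG] (RFC 5424 section 6); MSG keeps any
# leading whitespace the sender produced, as rsyslog does.
_HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<appname>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)"
    r"(?: (?P<msg>.*))?$",
    re.DOTALL,
)


@dataclass
class SyslogEvent:
    raw: str                    # the unmodified line, i.e. the "raw message" discussed in this PR
    facility: int
    facility_name: str
    severity: int
    severity_name: str
    version: int
    timestamp: str
    hostname: Optional[str]
    appname: Optional[str]
    procid: Optional[str]
    msgid: Optional[str]        # the message identifier this PR adds
    structured_data: Dict[str, Dict[str, str]] = field(default_factory=dict)
    msg: Optional[str] = None


def _nil(value: str) -> Optional[str]:
    """RFC 5424 writes a lone '-' (NILVALUE) for an absent header field."""
    return None if value == "-" else value


def parse_structured_data(sd: str) -> Dict[str, Dict[str, str]]:
    """Turn '[id a="1" b="2"][other c="3"]' into nested dicts; '-' is empty."""
    if sd == "-":
        return {}
    return {
        element.group("id"): {
            p.group("name"): p.group("value")
            for p in _SD_PARAM_RE.finditer(element.group("params"))
        }
        for element in _SD_ELEMENT_RE.finditer(sd)
    }


def parse_rfc5424(line: str) -> Optional[SyslogEvent]:
    """Return a SyslogEvent, or None for lines that are not RFC 5424."""
    match = _HEADER_RE.match(line.rstrip("\r\n"))
    if not match:
        return None
    pri = int(match.group("pri"))
    if pri > 191:  # 24 facilities * 8 severities - 1; anything above is malformed
        return None
    facility, severity = pri >> 3, pri & 7
    return SyslogEvent(
        raw=line, facility=facility, facility_name=FACILITY_NAMES[facility],
        severity=severity, severity_name=SEVERITY_NAMES[severity],
        version=int(match.group("version")), timestamp=match.group("timestamp"),
        hostname=_nil(match.group("hostname")), appname=_nil(match.group("appname")),
        procid=_nil(match.group("procid")), msgid=_nil(match.group("msgid")),
        structured_data=parse_structured_data(match.group("sd")), msg=match.group("msg"),
    )


def output_fields(event: SyslogEvent, include_raw: bool = False) -> Dict[str, object]:
    """Fields an output event would carry (key names are illustrative, not Plaso's).
    The raw line is only included on request, the opt-in the maintainer suggests below."""
    fields = {
        "facility": event.facility_name, "severity": event.severity_name,
        "hostname": event.hostname, "reporter": event.appname, "pid": event.procid,
        "message_identifier": event.msgid, "body": event.msg,
    }
    if include_raw:
        fields["raw_message"] = event.raw
    return fields


# The line quoted in the PR description (rsyslog wrapping logger --rfc5424 output).
RSYSLOG_LINE = ('<13>1 2025-12-19T23:47:48.185382+00:00 2cc32a98e28e 1 - - -  '
                '2025-12-19T23:47:48.185347+00:00 2cc32a98e28e root - 123 '
                '[timeQuality tzKnown="1" isSynced="0"] This is a test message')
# Constructed sample with MSGID and structured data actually in the header.
CONSTRUCTED_LINE = ('<38>1 2025-12-19T23:50:00Z host1 sshd 4242 ID47 '
                    '[origin ip="198.51.100.7" software="sshd"] '
                    'Accepted publickey for alice from 198.51.100.7 port 51234 ssh2')
```

For the quoted line, parse_rfc5424 yields facility 1 (user) and severity 5 (notice) from PRI 13, msgid None, and a body that begins with the inner timestamp and contains the "123"; for the constructed line the identifier ID47 and the origin element come out of the header as intended.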

codecov bot commented Dec 20, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.15%. Comparing base (685abeb) to head (f3c0b8d).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #5021   +/-   ##
=======================================
  Coverage   85.14%   85.15%           
=======================================
  Files         433      433           
  Lines       38988    39002   +14     
=======================================
+ Hits        33198    33212   +14     
  Misses       5790     5790           


@joachimmetz joachimmetz self-assigned this Dec 22, 2025
joachimmetz (Member) commented Dec 22, 2025

Thanks for the suggested changes. The reason why the raw message is not included is the significant increase in storage file size for large syslog files.

It is probably more appropriate to put it behind an optional processing option, to be included if really desired.

Spferical changed the title from "Added syslog fields for facility, identifier, and raw message." to "Added syslog fields for facility and message identifier" on Dec 22, 2025
Spferical (Contributor, Author) commented Dec 22, 2025

> Thanks for the suggested changes. The reason why the raw message is not included is the significant increase in storage file size for large syslog files.
>
> It is probably more appropriate to put it behind an optional processing option, to be included if really desired.

Gotcha, thanks! I dropped it from this PR for now and will look into adding it as a follow-up. If I understand correctly, it should be an extraction argument.
