On Thu, 2004-06-03 at 15:57, Benjamin.Zoeller@salt-solutions.de wrote:
Loic Minier wrote:
Benjamin.Zoeller@salt-solutions.de - Thu, Jun 03, 2004:
The problem is that I can't see the log line itself, thus I am unable here my log:
I think you should send the content of the network packets (containing the log lines). This is achieved with tcpdump -X or -XX under Linux, check man tcpdump if you're running something else.
ah, ok. Now I understand. Here is a login attempt:
15:58:19.707437 XX.XXX.X.XXX.syslog-ng > XXX.XXX.XX.syslog-ng: udp 85
0x0000   4500 0071 ca25 0000 3e11 9ad3 0ac6 00fd        E..q.%..>.......
0x0010   0ac7 00fa 0202 0202 005d 04d1 3c31 3430        .........]..<140
0x0020   3e41 4343 543a 204c 4f47 494e 2046 4149        >ACCT:.LOGIN.FAI
0x0030   4c45 4420 6173 2061 646d 696e 2066 726f        LED.as.admin.fro
0x0040   6d20 5445 4c4e 4554 2031 302e 3139 392e        m.TELNET.10.199.
0x0050   322e                                           2.
I'm afraid this is not a complete packet. tcpdump says it is 85 bytes long, but it is 82 only, and as it seems the line itself is not complete either (the last IP address is terminated after the third number). I sent the same message to my local syslog-ng process but there was no NUL character appended.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
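The length check discussed in this thread can be done mechanically. The following is an added example, not code from any poster or from syslog-ng: it rebuilds the bytes from the posted tcpdump -X lines and compares the lengths declared in the IPv4 and UDP headers with what was actually captured. The function names and the parsing limits (IPv4 over UDP, at most 8 hex groups per dump line) are assumptions of this example.

```python
import re
import struct

# Hex dump lines exactly as posted in the thread above.
DUMP = """\
0x0000 4500 0071 ca25 0000 3e11 9ad3 0ac6 00fd E..q.%..>.......
0x0010 0ac7 00fa 0202 0202 005d 04d1 3c31 3430 .........]..<140
0x0020 3e41 4343 543a 204c 4f47 494e 2046 4149 >ACCT:.LOGIN.FAI
0x0030 4c45 4420 6173 2061 646d 696e 2066 726f LED.as.admin.fro
0x0040 6d20 5445 4c4e 4554 2031 302e 3139 392e m.TELNET.10.199.
0x0050 322e 2.
"""

def dump_to_bytes(dump):
    """Rebuild raw bytes from tcpdump -X lines: offset, hex groups, ASCII column."""
    out = bytearray()
    for line in dump.splitlines():
        m = re.match(r"\s*0x[0-9a-fA-F]{4}:?\s+(.*)", line)
        if not m:
            continue  # summary line or anything that is not a dump row
        # At most 8 groups (16 bytes) per row; stop at the ASCII column.
        for tok in m.group(1).split()[:8]:
            if not re.fullmatch(r"(?:[0-9a-fA-F]{2}){1,2}", tok):
                break
            out += bytes.fromhex(tok)
    return bytes(out)

def check_capture(pkt):
    """Compare IPv4/UDP declared lengths with the number of bytes captured."""
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    ip_total = struct.unpack("!H", pkt[2:4])[0]    # whole datagram, per IP header
    _sport, dport, udp_len, _cksum = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    payload = pkt[ihl + 8:]
    return {
        "captured": len(pkt),
        "ip_total": ip_total,
        "udp_payload_declared": udp_len - 8,       # the "udp 85" in the summary
        "udp_payload_captured": len(payload),
        "missing": ip_total - len(pkt),
        "truncated": len(pkt) < ip_total,
        "dport": dport,
        "nul_in_captured": b"\x00" in payload,
        "payload": payload.decode("ascii", "replace"),
    }

if __name__ == "__main__":
    for key, value in check_capture(dump_to_bytes(DUMP)).items():
        print(f"{key:22} {value!r}")
```

A nonzero "missing" value means the tail of the syslog line, including any trailing NUL, cannot be judged from this capture; re-capturing with a larger snapshot length (tcpdump -s 0) records the whole datagram.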