Hi, syslog-ng seem to have a problem to log lines ending with 0x0d ^M \n isdnlog makes his entries this way. The result was very strange lines ... wkr Thomas Richter -- dss1://49.431.801306 Wot're we going to do tonight, Brain ? gsm://49.179.5192431 The same thing we do every night, Pinky . icq://124849926 Try to TAKE OVER THE WORLD ! mailto:richter@thomas-richter.de http://www.thomas-richter.de
can you post a complete example? I'd put it into my regression testing suite. On Tue, 2004-10-12 at 18:08, Thomas Richter wrote:
Hi, syslog-ng seem to have a problem to log lines ending with 0x0d ^M \n isdnlog makes his entries this way. The result was very strange lines ...
wkr Thomas Richter -- Bazsi
Hi Balazs Scheidler <bazsi@balabit.hu>, you wrote on Wednesday, 2004-10-13 12:11:51 +0200:
can you post a complete example? I'd put it into my regression testing suite.
I hope you mean this: Oct 8 19:40:25 shodan isdnlog: Oct 08 19:40:25 shodan tei 69 calling ? () with T-Easy 520 HLC: CCITT, Telefonie <30>Oct 8 19:40:33 isdnlog: Oct 08 19:40:33 shodan 69 calling ? () with T-Easy 520 Normal call clearing (User) <30>Oct 8 19:40:34 isdnlog: Oct 08 19:40:33 shodan 69 calling ? () with T-Easy 520 HANGUP <4>Oct 8 19:40:35 kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=80.134. 250.29 DST=80.134.188.162 LEN=52 TOS=0x00 PREC=0x00 TTL=124 ID=22072 DF PROTO=TCP SPT=3629 DPT=135 WINDOW=32767 RES=0x00 SYN URGP=0 OPT (020 405A00103030001010402) Oct 8 19:40:40 shodan isdnlog: Oct 08 19:40:40 shodan tei 69 calling ? () with T-Easy 520 HLC: CCITT, Telefonie <30>Oct 8 19:40:46 isdnlog: Oct 08 19:40:46 shodan 69 calling ? () with T-Easy 520 Normal call clearing (User) <30>Oct 8 19:40:47 isdnlog: Oct 08 19:40:47 shodan 69 calling ? () with T-Easy 520 HANGUP <78>Oct 8 19:41:00 /USR/SBIN/CRON[16714]: (root) CMD (/usr/bin/vnstat -u -i ppp0)
On Tue, 2004-10-12 at 18:08, Thomas Richter wrote:
Hi, syslog-ng seem to have a problem to log lines ending with 0x0d ^M \n isdnlog makes his entries this way. The result was very strange lines ...
wkr Thomas Richter -- Bazsi
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
wkr Thomas Richter -- dss1://49.431.801306 Wot're we going to do tonight, Brain ? gsm://49.179.5192431 The same thing we do every night, Pinky . icq://124849926 Try to TAKE OVER THE WORLD ! mailto:richter@thomas-richter.de http://www.thomas-richter.de
On Wed, 2004-10-13 at 15:11, Thomas Richter wrote:
Hi Balazs Scheidler <bazsi@balabit.hu>, you wrote on Wednesday, 2004-10-13 12:11:51 +0200:
can you post a complete example? I'd put it into my regression testing suite.
I hope you mean this:
Oct 8 19:40:25 shodan isdnlog: Oct 08 19:40:25 shodan tei 69 calling ? () with T-Easy 520 HLC: CCITT, Telefonie <30>Oct 8 19:40:33 isdnlog: Oct 08 19:40:33 shodan 69 calling ? () with T-Easy 520 Normal call clearing (User) <30>Oct 8 19:40:34 isdnlog: Oct 08 19:40:33 shodan 69 calling ? () with T-Easy 520 HANGUP <4>Oct 8 19:40:35 kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=80.134. 250.29 DST=80.134.188.162 LEN=52 TOS=0x00 PREC=0x00 TTL=124 ID=22072 DF PROTO=TCP SPT=3629 DPT=135 WINDOW=32767 RES=0x00 SYN URGP=0 OPT (020 405A00103030001010402) Oct 8 19:40:40 shodan isdnlog: Oct 08 19:40:40 shodan tei 69 calling ? () with T-Easy 520 HLC: CCITT, Telefonie <30>Oct 8 19:40:46 isdnlog: Oct 08 19:40:46 shodan 69 calling ? () with T-Easy 520 Normal call clearing (User) <30>Oct 8 19:40:47 isdnlog: Oct 08 19:40:47 shodan 69 calling ? () with T-Easy 520 HANGUP <78>Oct 8 19:41:00 /USR/SBIN/CRON[16714]: (root) CMD (/usr/bin/vnstat -u -i ppp0)
not completely. I'd need a single, but complete log line, in a way that I can reconstruct it byte-by-byte. You can grab this for example by running strace with a large string limit value (-s) attaching to either syslog-ng or isdnlog and looking for a recv/recvmsg/read or send/sendmsg/write line which contain the complete log line. -- Bazsi
Hi Balazs Scheidler <bazsi@balabit.hu>, you wrote on Wednesday, 2004-10-13 18:02:22 +0200:
not completely. I'd need a single, but complete log line, in a way that I can reconstruct it byte-by-byte.
You can grab this for example by running strace with a large string limit value (-s) attaching to either syslog-ng or isdnlog and looking for a recv/recvmsg/read or send/sendmsg/write line which contain the complete log line.
Is this better? (I never used strace) send(3, "<30>Oct 14 17:25:34 isdnlog: \nOct 14 17:25:34 tei 69 calling ? () with T-Easy 520 HANGUP\r", 90, 0) = 90 wkr Thomas Richter -- dss1://49.431.801306 Wot're we going to do tonight, Brain ? gsm://49.179.5192431 The same thing we do every night, Pinky . icq://124849926 Try to TAKE OVER THE WORLD ! mailto:richter@thomas-richter.de http://www.thomas-richter.de
On Thu, 2004-10-14 at 17:28, Thomas Richter wrote:
Hi Balazs Scheidler <bazsi@balabit.hu>, you wrote on Wednesday, 2004-10-13 18:02:22 +0200:
not completely. I'd need a single, but complete log line, in a way that I can reconstruct it byte-by-byte.
You can grab this for example by running strace with a large string limit value (-s) attaching to either syslog-ng or isdnlog and looking for a recv/recvmsg/read or send/sendmsg/write line which contain the complete log line.
Is this better? (I never used strace)
send(3, "<30>Oct 14 17:25:34 isdnlog: \nOct 14 17:25:34 tei 69 calling ? () with T-Easy 520 HANGUP\r", 90, 0) = 90
I'm afraid isdnlog is broken here, and it should be fixed instead of syslog-ng. -- Bazsi
participants (2)
-
Balazs Scheidler
-
Thomas Richter