RE: [syslog-ng]Syslog-ng 1.6.4 adds ^@ to each line
Hi again, here is a tcpdump with parameter -s 255 thx to jozsef
13:24:30.357952 000.000.000.000.syslog-ng > 000.000.000.000.syslog-ng: udp 83
0x0000 4500 006f d16e 0000 3e11 938c 0000 0000 E..o.n..>.......
0x0010 0000 0000 0202 0202 005b 902c 3c31 3430 .........[.,<140
0x0020 3e41 4343 543a 204c 4f47 494e 2046 4149 >ACCT:.LOGIN.FAI
0x0030 4c45 4420 6173 2079 6164 2066 726f 6d20 LED.as.yad.from.
0x0040 5445 4c4e 4554 2031 302e 3139 392e 322e TELNET.10.199.2.
0x0050 3635 2061 7420 4672 6920 4a75 6e20 2034 65.at.Fri.Jun..4
0x0060 2031 323a 3234 3a32 3820 3230 3034 00 .12:24:28.2004.
@John thx for your hint, but I think it's too late now. I simply forgot to hide this in the hex part.
@all Hope somebody can tell me why I get ^@ at each line.
Thx Benjamin
John Kristoff wrote:
On Fri, 4 Jun 2004 10:52:11 +0200 Benjamin.Zoeller@salt-solutions.de wrote:
10:49:09.668790 .syslog-ng > .syslog-ng: udp 85
0x0000 4500 0071 cfed 0000 3e11 950b 0ac6 00fd E..q....>.......
0x0010 0ac7 00fa 0202 0202 005d 1cd7 3c31 3430 .........]..<140
If you're going to go through the trouble of hiding IPs, you should mask the hex portion as well. Though your use of 10/8 offers you some privacy already I suppose.
John
You'll want the whole packet. I suggest "-s 1500". Then we'll be able to see if the router/device is actually transmitting the ^@ (or some other non-printable character.)
-Steve s.
Benjamin.Zoeller@salt-solutions.de wrote:
Hi again, here is a tcpdump with parameter -s 255 thx to jozsef
13:24:30.357952 000.000.000.000.syslog-ng > 000.000.000.000.syslog-ng: udp 83
0x0000 4500 006f d16e 0000 3e11 938c 0000 0000 E..o.n..>.......
0x0010 0000 0000 0202 0202 005b 902c 3c31 3430 .........[.,<140
0x0020 3e41 4343 543a 204c 4f47 494e 2046 4149 >ACCT:.LOGIN.FAI
0x0030 4c45 4420 6173 2079 6164 2066 726f 6d20 LED.as.yad.from.
0x0040 5445 4c4e 4554 2031 302e 3139 392e 322e TELNET.10.199.2.
0x0050 3635 2061 7420 4672 6920 4a75 6e20 2034 65.at.Fri.Jun..4
0x0060 2031 323a 3234 3a32 3820 3230 3034 00 .12:24:28.2004.
@John thx for your hint, but I think it's too late now. I simply forgot to hide this in the hex part.
@all Hope somebody can tell me why I get ^@ at each line.
Thx Benjamin
John Kristoff wrote:
On Fri, 4 Jun 2004 10:52:11 +0200 Benjamin.Zoeller@salt-solutions.de wrote:
10:49:09.668790 .syslog-ng > .syslog-ng: udp 85
0x0000 4500 0071 cfed 0000 3e11 950b 0ac6 00fd E..q....>.......
0x0010 0ac7 00fa 0202 0202 005d 1cd7 3c31 3430 .........]..<140
If you're going to go through the trouble of hiding IPs, you should mask the hex portion as well. Though your use of 10/8 offers you some privacy already I suppose.
John
syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
On Fri, 2004-06-04 at 13:34, Benjamin.Zoeller@salt-solutions.de wrote:
Hi again, here is a tcpdump with parameter -s 255 thx to jozsef
13:24:30.357952 000.000.000.000.syslog-ng > 000.000.000.000.syslog-ng: udp 83
0x0000 4500 006f d16e 0000 3e11 938c 0000 0000 E..o.n..>.......
0x0010 0000 0000 0202 0202 005b 902c 3c31 3430 .........[.,<140
0x0020 3e41 4343 543a 204c 4f47 494e 2046 4149 >ACCT:.LOGIN.FAI
0x0030 4c45 4420 6173 2079 6164 2066 726f 6d20 LED.as.yad.from.
0x0040 5445 4c4e 4554 2031 302e 3139 392e 322e TELNET.10.199.2.
0x0050 3635 2061 7420 4672 6920 4a75 6e20 2034 65.at.Fri.Jun..4
0x0060 2031 323a 3234 3a32 3820 3230 3034 00 .12:24:28.2004.
@John thx for your hint, but I think it's too late now. I simply forgot to hide this in the hex part.
@all Hope somebody can tell me why I get ^@ at each line.
Can you check if this patch works? (it fixed the problem for me) diff -u -r1.37.4.2 sources.c --- src/sources.c 10 Mar 2004 18:43:28 -0000 1.37.4.2 +++ src/sources.c 4 Jun 2004 12:28:26 -0000 @@ -120,6 +120,13 @@ full or we are a datagram receiver, when the message is in its own packet. */ + if (closure->dgram) { + /* strip one trailing LF or NUL character */ + if (closure->pos > 0 && + (closure->buffer[closure->pos - 1] == '\n' || + closure->buffer[closure->pos - 1] == '\0')) + closure->pos--; + } do_handle_line(closure, closure->pos, closure->buffer, salen ? (abstract_addr *) &sabuf : NULL, salen); closure->pos = 0; return ST_OK | ST_GOON; -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
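Review bot: the new `if (closure->dgram)` block removes only a single trailing byte, so a datagram that ends in both LF and NUL (in either order) still reaches do_handle_line() with one control character left at the end. Consider turning the inner `if (closure->pos > 0 && ...)` into a `while` with the same condition so every trailing LF/NUL is dropped, and update the "strip one trailing LF or NUL character" comment to match. The `closure->pos > 0` guard should stay in the loop condition so an empty datagram never indexes `closure->buffer[-1]`.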
participants (3): Balazs Scheidler, Benjamin.Zoeller@salt-solutions.de, Steven S.
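To check from a capture whether the sender really transmits the trailing NUL, as asked in the thread, the following added example (not code from the thread or from syslog-ng) decodes the hex columns of the 13:24:30 capture and reports the trailing LF/NUL bytes. The function names are assumptions, and strip_one() mirrors the one-character rule stated in the patch comment.

```python
import struct

# Hex columns of the 13:24:30 capture posted in this thread (ASCII column dropped).
CAPTURE = """
0x0000 4500 006f d16e 0000 3e11 938c 0000 0000
0x0010 0000 0000 0202 0202 005b 902c 3c31 3430
0x0020 3e41 4343 543a 204c 4f47 494e 2046 4149
0x0030 4c45 4420 6173 2079 6164 2066 726f 6d20
0x0040 5445 4c4e 4554 2031 302e 3139 392e 322e
0x0050 3635 2061 7420 4672 6920 4a75 6e20 2034
0x0060 2031 323a 3234 3a32 3820 3230 3034 00
"""

def packet_bytes(dump):
    """Join the hex groups of a tcpdump -x style dump into raw bytes."""
    groups = []
    for line in dump.strip().splitlines():
        groups.extend(line.split()[1:])      # skip the 0x0000 offset column
    return bytes.fromhex("".join(groups))

def udp_payload(pkt):
    """Return the UDP payload of a raw IPv4 packet, using the header lengths."""
    if len(pkt) < 28 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (pkt[0] & 0x0F) * 4                # IPv4 header length in bytes
    header = pkt[ihl:ihl + 8]
    if len(header) < 8:
        raise ValueError("UDP header missing from capture")
    _sport, _dport, ulen, _csum = struct.unpack("!HHHH", header)
    payload = pkt[ihl + 8:ihl + ulen]
    if ulen < 8 or len(payload) != ulen - 8:
        raise ValueError("capture truncated; raise the tcpdump snaplen (-s)")
    return payload

def trailing_control(payload):
    """LF/NUL bytes at the end of the message, exactly as sent on the wire."""
    body = payload.rstrip(b"\n\x00")
    return payload[len(body):]

def strip_one(payload):
    """Same rule as the patch comment: drop one trailing LF or NUL."""
    return payload[:-1] if payload[-1:] in (b"\n", b"\x00") else payload

if __name__ == "__main__":
    p = udp_payload(packet_bytes(CAPTURE))
    print(len(p), trailing_control(p), strip_one(p))
```

The truncation check is why a larger snaplen matters: with a short capture the UDP length field and the captured bytes disagree, and the end of the message cannot be inspected.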