[syslog-ng]Syslog-ng 1.6.4 adds ^@ to each line
Balazs Scheidler
syslog-ng@lists.balabit.hu
Fri, 04 Jun 2004 10:45:06 +0200
On Thu, 2004-06-03 at 15:57, Benjamin.Zoeller@salt-solutions.de
wrote:
> Loic Minier wrote:
> > Benjamin.Zoeller@salt-solutions.de - Thu, Jun 03, 2004:
> >
> >>> The problem is that I can't see the log line itself, thus I am
> >>> unable here my log:
> >
> > I think you should send the content of the network packets
> > (containing the log lines). This is achieved with tcpdump -X or -XX
> > under Linux, check man tcpdump if you're running something else.
>
> ah, ok.
> Now I understand. Here is a login attempt.
>
> 15:58:19.707437 XX.XXX.X.XXX.syslog-ng > XXX.XXX.XX.syslog-ng: udp 85
> 0x0000 4500 0071 ca25 0000 3e11 9ad3 0ac6 00fd E..q.%..>.......
> 0x0010 0ac7 00fa 0202 0202 005d 04d1 3c31 3430 .........]..<140
> 0x0020 3e41 4343 543a 204c 4f47 494e 2046 4149 >ACCT:.LOGIN.FAI
> 0x0030 4c45 4420 6173 2061 646d 696e 2066 726f LED.as.admin.fro
> 0x0040 6d20 5445 4c4e 4554 2031 302e 3139 392e m.TELNET.10.199.
> 0x0050 322e 2.
I'm afraid this is not a complete packet. tcpdump says it is 85
bytes long, but it is only 82, and it seems the line itself is not
complete either (the last IP address is terminated after the third
number).
I sent the same message to my local syslog-ng process but there was no
NUL character appended.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
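
The length check discussed in this message, as an added example (not code from the thread or from syslog-ng): it decodes the hex dump quoted above, reads the IPv4 total length and UDP length fields, and compares them with the bytes actually captured. The function names `dump_to_bytes` and `analyse` are this example's own.

```python
import re
import struct

# Hex dump copied from the tcpdump -X output quoted in the message above.
DUMP = """\
0x0000 4500 0071 ca25 0000 3e11 9ad3 0ac6 00fd E..q.%..>.......
0x0010 0ac7 00fa 0202 0202 005d 04d1 3c31 3430 .........]..<140
0x0020 3e41 4343 543a 204c 4f47 494e 2046 4149 >ACCT:.LOGIN.FAI
0x0030 4c45 4420 6173 2061 646d 696e 2066 726f LED.as.admin.fro
0x0040 6d20 5445 4c4e 4554 2031 302e 3139 392e m.TELNET.10.199.
0x0050 322e 2.
"""
HEX_GROUP = re.compile(r"^(?:[0-9a-fA-F]{2}){1,2}$")

def dump_to_bytes(text):
    """Collect the hex columns of tcpdump -X lines, skipping the ASCII column."""
    out = bytearray()
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].lower().startswith("0x"):
            continue                      # not a dump line (e.g. the summary line)
        for tok in tokens[1:9]:           # at most 8 groups of 2 bytes per line
            if not HEX_GROUP.match(tok):  # first non-hex token starts the ASCII column
                break
            out += bytes.fromhex(tok)
    return bytes(out)

def analyse(packet):
    """Compare the lengths declared in the IPv4/UDP headers with what was captured."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    ip_total = struct.unpack_from("!H", packet, 2)[0]
    if packet[9] != 17 or len(packet) < ihl + 8:
        raise ValueError("no complete UDP header captured")
    sport, dport, udp_len, _csum = struct.unpack_from("!HHHH", packet, ihl)
    payload = packet[ihl + 8:ip_total]
    missing = (udp_len - 8) - len(payload)
    return {
        "captured": len(packet), "ip_total": ip_total, "ports": (sport, dport),
        "declared_payload": udp_len - 8, "captured_payload": len(payload),
        "missing": missing, "payload": payload,
        # A trailing NUL can only be judged when the whole payload is present.
        "ends_with_nul": payload.endswith(b"\x00") if missing == 0 else None,
    }

if __name__ == "__main__":
    for key, value in analyse(dump_to_bytes(DUMP)).items():
        print(f"{key}: {value!r}")
```

For the dump above this reports 82 captured bytes against an IP total length of 113: the 85 printed by tcpdump is the UDP payload length, and 31 payload bytes (including any trailing NUL) lie beyond the captured portion. A capture taken with a larger snap length (`tcpdump -s`) would include them.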