[syslog-ng]Syslog-ng 1.6.4 adds ^@ to each line

syslog-ng@lists.balabit.hu syslog-ng@lists.balabit.hu
Fri, 4 Jun 2004 10:52:11 +0200


Hi Balazs,
it is very curious. Some of the tcpdumps do not give me all the characters.
Perhaps this is the problem???
Here are some new ones:

10:49:09.668790 .syslog-ng > .syslog-ng: udp 85
0x0000   4500 0071 cfed 0000 3e11 950b 0ac6 00fd        E..q....>.......
0x0010   0ac7 00fa 0202 0202 005d 1cd7 3c31 3430        .........]..<140
0x0020   3e41 4343 543a 204c 4f47 494e 2046 4149        >ACCT:.LOGIN.FAI
0x0030   4c45 4420 6173 2061 646d 696e 2066 726f        LED.as.admin.fro
0x0040   6d20 5445 4c4e 4554 2031 302e 3139 392e        m.TELNET.10.199.
0x0050   322e                                           2.
10:49:27.116598 .syslog-ng > .syslog-ng: udp 82
0x0000   4500 006e cff6 0000 3e11 9505 0ac6 00fd        E..n....>.......
0x0010   0ac7 00fa 0202 0202 005a 0e93 3c31 3430        .........Z..<140
0x0020   3e41 4343 543a 204c 4f47 494e 2046 4149        >ACCT:.LOGIN.FAI
0x0030   4c45 4420 6173 2031 3220 6672 6f6d 2054        LED.as.12.from.T
0x0040   454c 4e45 5420 3130 2e31 3939 2e32 2e36        ELNET.10.199.2.6
0x0050   3520                                           5.
10:52:18.644121 .syslog-ng > .syslog-ng: udp 84
0x0000   4500 0070 d007 0000 3e11 94f2 0ac6 00fd        E..p....>.......
0x0010   0ac7 00fa 0202 0202 005c 6ef8 3c31 3430        .........\n.<140
0x0020   3e41 4343 543a 204c 4f47 494e 2046 4149        >ACCT:.LOGIN.FAI
0x0030   4c45 4420 6173 2061 7364 6620 6672 6f6d        LED.as.asdf.from
0x0040   2054 454c 4e45 5420 3130 2e31 3939 2e32        .TELNET.10.199.2
0x0050   2e36                                           .6
10:52:21.290085 .syslog-ng > .syslog-ng: udp 85
0x0000   4500 0071 d015 0000 3e11 94e3 0ac6 00fd        E..q....>.......
0x0010   0ac7 00fa 0202 0202 005d 3f3a 3c31 3430        .........]?:<140
0x0020   3e41 4343 543a 204c 4f47 494e 2046 4149        >ACCT:.LOGIN.FAI
0x0030   4c45 4420 6173 2077 7433 3435 2066 726f        LED.as.wt345.fro
0x0040   6d20 5445 4c4e 4554 2031 302e 3139 392e        m.TELNET.10.199.
0x0050   322e                                           2.

Balazs Scheidler wrote:
> On Thu, 2004-06-03 at 15:57, Benjamin.Zoeller@salt-solutions.de wrote:
>> Loic Minier wrote:
>>> Benjamin.Zoeller@salt-solutions.de - Thu, Jun 03, 2004:
>>>
>>>>> The problem is that I can't see the log line itself, thus I am
>>>>> unable here my log:
>>>
>>>  I think you should send the content of the network packets
>>>  (containing the log lines).  This is achieved with tcpdump -X or
>>>  -XX under Linux, check man tcpdump if you're running something
>>> else.
>>
>> ah, ok.
>> Now I understand. Here is a login attempt.
>>
>> 15:58:19.707437 XX.XXX.X.XXX.syslog-ng > XXX.XXX.XX.syslog-ng: udp 85
>> 0x0000   4500 0071 ca25 0000 3e11 9ad3 0ac6 00fd        E..q.%..>.......
>> 0x0010   0ac7 00fa 0202 0202 005d 04d1 3c31 3430        .........]..<140
>> 0x0020   3e41 4343 543a 204c 4f47 494e 2046 4149        >ACCT:.LOGIN.FAI
>> 0x0030   4c45 4420 6173 2061 646d 696e 2066 726f        LED.as.admin.fro
>> 0x0040   6d20 5445 4c4e 4554 2031 302e 3139 392e        m.TELNET.10.199.
>> 0x0050   322e                                           2.
>
> I'm afraid but this is not a complete packet. tcpdump says it is 85
> bytes long, but it is 82 only, and as it seems the line itself is not
> complete either (the last IP address is terminated after the third
> number)
>
> I sent the same message to my local syslog-ng process but there was no
> NUL character appended.
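
Added example, not part of the original message or of the syslog-ng project: a Python check that rebuilds the captured bytes from a `tcpdump -X` dump and compares them with the lengths declared in the IPv4 and UDP headers, which shows whether the dump is complete enough to tell if a NUL was appended. The function names are hypothetical; the sample is the first dump from the message above.

```python
import re
import struct

# First dump from the message above (tcpdump -X output, IP header onward).
SAMPLE = """\
0x0000   4500 0071 cfed 0000 3e11 950b 0ac6 00fd        E..q....>.......
0x0010   0ac7 00fa 0202 0202 005d 1cd7 3c31 3430        .........]..<140
0x0020   3e41 4343 543a 204c 4f47 494e 2046 4149        >ACCT:.LOGIN.FAI
0x0030   4c45 4420 6173 2061 646d 696e 2066 726f        LED.as.admin.fro
0x0040   6d20 5445 4c4e 4554 2031 302e 3139 392e        m.TELNET.10.199.
0x0050   322e                                           2.
"""

def dump_to_bytes(text):
    """Rebuild the captured bytes from the hex column of a tcpdump -X dump."""
    out = bytearray()
    for line in text.splitlines():
        m = re.match(r"\s*0x[0-9a-fA-F]{4}:?\s+(.*)", line)
        if m:
            # The hex column ends at the first run of two or more spaces.
            hexcol = re.split(r"\s{2,}", m.group(1))[0]
            out += bytes.fromhex(hexcol.replace(" ", ""))
    return bytes(out)

def check_capture(pkt):
    """Compare header-declared lengths with the bytes actually captured."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    ip_total = struct.unpack("!H", pkt[2:4])[0]    # IP total length field
    if pkt[9] != 17 or len(pkt) < ihl + 8:
        raise ValueError("no complete UDP header captured")
    udp_len = struct.unpack("!H", pkt[ihl + 4:ihl + 6])[0]
    payload = pkt[ihl + 8:ip_total]
    complete = len(pkt) >= ip_total
    return {
        "captured": len(pkt),
        "ip_total": ip_total,
        "udp_payload_declared": udp_len - 8,
        "udp_payload_captured": len(payload),
        "missing": max(ip_total - len(pkt), 0),
        # Only a complete payload can answer the trailing-NUL question.
        "trailing_nul": payload.endswith(b"\x00") if complete else None,
        "payload": payload,
    }

if __name__ == "__main__":
    r = check_capture(dump_to_bytes(SAMPLE))
    print({k: v for k, v in r.items() if k != "payload"}, r["payload"])
```

For the sample, the headers declare a 113-byte IP packet carrying an 85-byte UDP payload, while only 82 bytes were captured, so the end of the message, where a NUL would sit, is not in the dump. With tcpdump, the snapshot length option (`-s`) controls how many bytes of each packet are captured.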