[syslog-ng]Syslog-ng 1.6.4 adds ^@ to each line
Steven S.
syslog-ng@lists.balabit.hu
Fri, 4 Jun 2004 08:02:18 -0400
You'll want the whole packet. I suggest "-s 1500". Then we'll be able to
see if the router/device is actually transmitting the ^@ (or some other
non-printable character.)
-Steve s.
Benjamin.Zoeller@salt-solutions.de wrote:
> Hi again,
> here is an tcpdump with parameter -s 255 thx to jozsef
>
> 13:24:30.357952 000.000.000.000.syslog-ng >
> 000.000.000.000.syslog-ng: udp 83 0x0000 4500 006f d16e 0000 3e11
> 938c 0000 0000 E..o.n..>....... 0x0010 0000 0000 0202 0202
> 005b 902c 3c31 3430 .........[.,<140 0x0020 3e41 4343 543a
> 204c 4f47 494e 2046 4149 >ACCT:.LOGIN.FAI 0x0030 4c45 4420
> 6173 2079 6164 2066 726f 6d20 LED.as.yad.from. 0x0040 5445
> 4c4e 4554 2031 302e 3139 392e 322e TELNET.10.199.2. 0x0050
> 3635 2061 7420 4672 6920 4a75 6e20 2034 65.at.Fri.Jun..4
> 0x0060 2031 323a 3234 3a32 3820 3230 3034 00
> .12:24:28.2004.
>
> @John
> thx for your hint, but I think it`s to late now.
> I simply forgot to hide this in the hex part.
>
> @all
> Hope somebody can tell me why I get ^@ at each line.
>
> Thx
> Benjamin
>
> John Kristoff wrote:
>> On Fri, 4 Jun 2004 10:52:11 +0200 Benjamin.Zoeller@salt-solutions.de
>> wrote:
>>
>>> 10:49:09.668790 .syslog-ng > .syslog-ng: udp 85
>>> 0x0000 4500 0071 cfed 0000 3e11 950b 0ac6 00fd
>>> E..q....>....... 0x0010 0ac7 00fa 0202 0202 005d 1cd7 3c31 3430
>>> .........]..<140
>>
>> If you're going to go through the trouble of hiding IPs, you should
>> mask the hex portion as well. Though your use of 10/8 offers you
>> some privacy already I suppose.
>>
>> John
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked
> questions at http://www.campin.net/syslog-ng/faq.html