[syslog-ng]Perl interface to syslog under Solaris
Loic Minier
syslog-ng@lists.balabit.hu
Mon, 8 Mar 2004 14:28:28 +0100
Loic Minier <lool+syslog@via.ecp.fr> - Mon, Mar 08, 2004:
> The only way I found to distinguish Perl generated datagrams from
> syslogd generated datagrams is the trailing zero.
Since my own message crashed my MUA, I here paste a simple hexdump for
the non-binary readers:
bee% xxd perl-udp.raw
0000000: 3c37 383e 666d 2f6c 6f67 7061 7273 653a <78>fm/logparse:
0000010: 2046 3030 317c 3130 3738 3530 3734 3636 F001|1078507466
0000020: 3030 307c 3038 3035 3d32 3237 3532 7c30 000|0805=22752|0
0000030: 3830 363d 736d 7470 647c 3038 3134 3d62 806=smtpd|0814=b
0000040: 6565 7c30 3830 303d 3139 322e 3136 382e ee|0800=192.168.
0000050: 312e 3837 7c0a 00 1.87|..
bee% xxd syslogd-udp.raw
0000000: 3c37 383e 6d79 7461 673a 2074 6167 6164 <78>mytag: tagad
0000010: 610a a.
It seems to me that regular traffic ends in "0a", and Perl datagrams
in "0a 00" instead.
--
Loïc Minier <lool@dooz.org>