[syslog-ng] cisco tcp syslog weirdness/merkwuerdigkeit

Blurry obsfucate at gmail.com
Wed Aug 22 21:27:41 CEST 2007


I am not sure what to expect from tcpdump, but I don't see much that
matches between the log file and the tcpdump file except hostnames
and timestamps.

15:00:14.401603 IP (tos 0x0, ttl 250, id 24720, offset 0, flags [none], proto TCP (6), length 576) router.57230 > loghost.1514: . 40597:41133(536) ack 1 win 4128
15:00:14.415798 IP (tos 0x0, ttl 64, id 48307, offset 0, flags [DF], proto TCP (6), length 40) loghost.1514 > router.57230: ., cksum 0x61bb (incorrect (-> 0x0b66), 1:1(0) ack 41133 win 48776
15:00:14.416512 IP (tos 0x0, ttl 250, id 24721, offset 0, flags [none], proto TCP (6), length 571) router.57230 > loghost.1514: P 41133:41664(531) ack 1 win 4128
15:00:14.465815 IP (tos 0x0, ttl 64, id 48308, offset 0, flags [DF], proto TCP (6), length 40) loghost.1514 > router.57230: ., cksum 0x61bb (incorrect (-> 0x073b), 1:1(0) ack 41664 win 49312

I still get one very long line in the log file. The router guy says
that he just turns on 'TCP' syslog and it all comes in one line. Very
frustrating.

Thanks


> A tcpdump would be helpful, as syslog-ng might filter out some
> characters as it writes to the output.
>
> If there's no linetermination, then I'm afraid I cannot help here. The
> message itself can contain <NNN> sequences, so I can't split lines
> there.
>
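
The framing problem described in the quoted reply, as an added Python example (not from this thread and not syslog-ng's code): a receiver cannot safely split a TCP syslog stream on <NNN> sequences, because a message body may itself contain one, so the sender has to delimit messages, either with a trailing LF or with RFC 6587 octet counting. The sample messages and the <13> quoted inside the first one are constructed for the demonstration.

```python
import re
from typing import List, Tuple

PRI_RE = re.compile(rb"<\d{1,3}>")

def split_on_pri(stream: bytes) -> List[bytes]:
    """Heuristic: start a new message at every <NNN>.
    Ambiguous, because a message body may itself contain <NNN>."""
    starts = [m.start() for m in PRI_RE.finditer(stream)]
    if not starts:
        return [stream] if stream else []
    starts.append(len(stream))
    return [stream[a:b] for a, b in zip(starts, starts[1:])]

def split_on_newline(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Non-transparent framing: each message ends with LF. Returns the
    complete messages and the unterminated remainder; a sender that never
    sends LF leaves everything in the remainder (one ever-growing line)."""
    parts = buf.split(b"\n")
    return [p.rstrip(b"\r") for p in parts[:-1]], parts[-1]

def frame_octet_counted(msg: bytes) -> bytes:
    """RFC 6587 octet counting: 'MSG-LEN SP MSG'."""
    return str(len(msg)).encode() + b" " + msg

def split_octet_counted(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Inverse of frame_octet_counted over a stream; the body may contain
    anything, including <NNN> and newlines. Returns complete messages and
    the bytes still waiting for the rest of a frame."""
    msgs: List[bytes] = []
    while True:
        sp = buf.find(b" ")
        if sp <= 0 or not buf[:sp].isdigit():
            break  # no complete length header yet (or a malformed one)
        length = int(buf[:sp])
        if len(buf) < sp + 1 + length:
            break  # partial frame: wait for more data
        msgs.append(buf[sp + 1:sp + 1 + length])
        buf = buf[sp + 1 + length:]
    return msgs, buf

# Constructed sample messages (not from the thread); MSG1 quotes a <NNN> in its body.
MSG1 = b"<189>Aug 22 15:00:14 router 1234: %SYS-5-CONFIG_I: Configured from console (pri <13>)"
MSG2 = b"<190>Aug 22 15:00:15 router 1235: %LINK-3-UPDOWN: Interface Vlan1, changed state to up"

if __name__ == "__main__":
    glued = MSG1 + MSG2  # the stream as sent with no line termination
    print(len(split_on_pri(glued)), "messages by <PRI> heuristic, should be 2")
    print(split_on_newline(glued))  # nothing complete: one long remainder
    print(split_octet_counted(frame_octet_counted(MSG1) + frame_octet_counted(MSG2)))
```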

