[syslog-ng] Invalid frame header; header=''

[jnordwick]

RFC 5426 (over UDP) does not seem to describe the header that syslog- 
ng keep complaining about. What I was able to tell from tcpdump is  
that the message is prefixed with the number of bytes in the message  
followed by a space (then the message with a terminating newline).

At least this seems to work for syslog-ng, but I am not sure how  
compliant I am being.

-j


On Oct 14, 2009, at 2:37 PM, Höltzl Péter wrote:

>> Hi!
>
>> AFAIK (Bazsi, pls correct if I'm wrong) the format is described in
>> RFC5425 (http://tools.ietf.org/html/rfc5425) Section 4.3 "Sending  
>> data".
>> The RFC concerns TLS transport, but syslog-ng implements the same
>> transport format over TCP as well.
>
> Yes. RFC5424 only describes the message format but do not deals with  
> the
> transport. RFC5425 defines RFC5424 over TLS/TCP, while RFC546  
> describes
> RFC5424 over UDP. It means RFC5424 over TCP (not encrypted) is not RFC
> compliant. Syslog-ng can provide the following non-standard trasports:
>
> * RFC3164 over TCP
> * RFC3164 over TCP/TLS
> * RFC5424 over TCP
>
> Best wishes,
>
> Peter Höltzl
>
>
> -- 
> Höltzl Péter
> CISA, IT biztonsági tanácsadó
> holtzl.peter at balabit.hu
> +36 20 366 9667
>
> BalaBit IT Security
> 1115 Budapest
> XI. Bártfai u. 54.
> Tel +36 1 371 0540
> Fax +36 1 208 0875
>
> Az üzenet és annak bármely csatolt anyaga bizalmas, jogi védelem  
> alatt
> áll, a nyilvános közléstől védett. Az üzenetet kizárólag a  
> címzett,
> illetve az általa meghatalmazottak használhatják fel. Ha Ön nem az
> üzenet címzettje, úgy kérjük, hogy telefonon, vagy e-mail-ben  
> értesítse
> erről az üzenet küldőjét és törölje az üzenetet, valamint  
> annak összes
> csatolt mellékletét a rendszeréből. Ha Ön nem az üzenet  
> címzettje, abban
> az esetben tilos az üzenetet vagy annak bármely csatolt  
> mellékletét
> lemásolnia, elmentenie, az üzenet tartalmát bárkivel közölnie  
> vagy azzal
> visszaélnie.
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>


------------------------------------------------------------------------------------------
This message is for the named person(s) use only. It may contain confidential proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Allston Trading LLC and its subsidiaries and affiliates each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity.
------------------------------------------------------------------------------------------