> Darren,
..
> Please let us know which actual syslog daemons you mean (at best with
> platform and version information).
> 
> I would also appreciate it if you could do a quick test with them and post
> the results. If possible, please send two messages to them. One as such:
> 
> "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on
> /dev/pts/8"
> 
> the other one
> 
> "<148>1 2003-10-11T22:14:15.003Z mymachine.example.com su 4711 MSGID -
> 'su root' failed for lonvick on /dev/pts/9"
> 
> I would appreciate it if you could let us know the resulting format both in
> log files as well as when relaying.
> 
> Information about the extent of message distortion will probably help us
> to determine the importance of this issue.

Why not just read the source code?

Also, read down and observe what ^ is used for.
This has been forgotten in RFC 3164...

printline()
{
..
        /* test for special codes */
        pri = DEFUPRI;
        p = msg;
        if (*p == '<') {
                pri = 0;
                while (isdigit(*++p))
                        pri = 10 * pri + (*p - '0');
                if (*p == '>')
                        ++p;
        }
        if (pri &~ (LOG_FACMASK|LOG_PRIMASK))
                pri = DEFUPRI;

        /* don't allow users to log kernel messages */
        if (LOG_FAC(pri) == LOG_KERN)
                pri = LOG_MAKEPRI(LOG_USER, LOG_PRI(pri));

        q = line;

        while ((c = *p++) != '\0' &&
            q < &line[sizeof(line) - 2]) {
                c &= 0177;
                if (iscntrl(c))
                        if (c == '\n')
                                *q++ = ' ';
                        else if (c == '\t')
                                *q++ = '\t';
                        else {
                                *q++ = '^';
                                *q++ = c ^ 0100;
                        }
                else
                        *q++ = c;
        }
        *q = '\0';
        
        logmsg(pri, line, hname, 0);
}

logmsg()
{
..
        msglen = strlen(msg); 
        if (msglen < 16 || msg[3] != ' ' || msg[6] != ' ' ||
            msg[9] != ':' || msg[12] != ':' || msg[15] != ' ')
                flags |= ADDDATE;
..
}

On top of this, source code exists to map LF to "\n" and use the
\377 format for non-ASCII characters.

It would seem to me that some of our issues have been "solved" by
some vendors that need to be wide-character set savvy...

Darren

_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
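
An added example, not part of the original message or of any syslogd source tree: the printline() and logmsg() logic quoted above, restated as standalone C functions so that the two test messages from the quoted request can be run through it. The names parse_pri, sanitize and needs_adddate, the saturating digit check, and the DEFUPRI and mask values (assumed to mirror <syslog.h>) are introduced here for illustration.

```c
#include <ctype.h>
#include <string.h>

#define DEFUPRI  13     /* LOG_USER|LOG_NOTICE; assumed default, as in BSD syslogd */
#define PRI_BITS 0x3ff  /* LOG_FACMASK|LOG_PRIMASK as defined in <syslog.h> */

/* PRI parsing as in printline(); *rest is set to the text after "<PRI>". */
int parse_pri(const char *msg, const char **rest) {
    int pri = DEFUPRI;
    const char *p = msg;
    if (*p == '<') {
        pri = 0;
        while (isdigit((unsigned char)*++p))
            if (pri <= PRI_BITS)    /* added here: saturate, no int overflow */
                pri = 10 * pri + (*p - '0');
        if (*p == '>')
            ++p;
    }
    if (pri & ~PRI_BITS)
        pri = DEFUPRI;
    if ((pri >> 3) == 0)            /* facility kern is rewritten to user */
        pri = (1 << 3) | (pri & 7);
    *rest = p;
    return pri;
}

/* The escaping loop from printline(); size must be at least 2. */
size_t sanitize(const char *p, char *line, size_t size) {
    char *q = line;
    int c;
    while ((c = *p++) != '\0' && q < &line[size - 2]) {
        c &= 0177;                  /* clears the high bit: UTF-8 is mangled */
        if (!iscntrl(c))
            *q++ = (char)c;
        else if (c == '\n' || c == '\t')
            *q++ = (c == '\n') ? ' ' : '\t';
        else {
            *q++ = '^';             /* caret notation, e.g. ESC -> "^[" */
            *q++ = (char)(c ^ 0100);
        }
    }
    *q = '\0';
    return (size_t)(q - line);
}

/* The logmsg() test: 1 means no "Mmm dd hh:mm:ss " prefix, so ADDDATE. */
int needs_adddate(const char *msg) {
    return strlen(msg) < 16 || msg[3] != ' ' || msg[6] != ' ' ||
           msg[9] != ':' || msg[12] != ':' || msg[15] != ' ';
}
```

With the two test messages, the first parses as priority 34 and passes the timestamp position check, while the second parses as priority 148 but fails it at msg[3], so ADDDATE is set. The 7-bit mask also turns the UTF-8 bytes C3 A9 into the two ASCII characters "C)".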