On Thu, Sep 15, 2016 at 1:13 AM, InfoSec <gjahc...@compucenter.org> wrote:
> Regardless of the syslog RFC, they all allow messages up to 1024 bytes. The
> entire message is 1017 bytes.
>
> I think csyslogd is choking on the \r\n\t\t (carriage return, line feed, and
> two tabs) that precede every group SID. The event is being truncated just
> before the first \r\n\t\t.
>
> I do not know which other events include any of the above characters and are
> most likely to suffer from the same fate.
>
> AFAIC this is a serious flaw that precludes the use of OSSEC in the
> environment.
>

IIRC, csyslogd isn't vert big. It shouldn't be too difficult to poke
around and try to debug this.

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to