It was thus said that the Great Jon Combe once stated: > >> 14:43:15.483698 88:43:e1:41:15:3f > 00:0c:29:a2:86:f1, ethertype IPv4 > >> (0x0800), length 76: (tos 0x0, ttl 63, id 0, offset 0, flags [DF], > >> proto: UDP (17), length: 62) 10.167.3.18.514 > 10.167.2.65.514: [udp > >> sum ok] SYSLOG, length: 34 > >> Facility daemon (3), Severity error (3) > >> Msg: last message repeated 5 times\012 > >> 0x0000: 3c32 373e 6c61 7374 206d 6573 7361 6765 > >> 0x0010: 2072 6570 6561 7465 6420 3520 7469 6d65 > >> 0x0020: 730a > >> 0x0000: 4500 003e 0000 4000 3f11 210f 0aa7 0312 > >> E..>....@.?.!..... > >> 0x0010: 0aa7 0241 0202 0202 002a df44 3c32 373e > >> ...A.....*.D<27> > >> 0x0020: 6c61 7374 206d 6573 7361 6765 2072 6570 > >> last.message.rep > >> 0x0030: 6561 7465 6420 3520 7469 6d65 730a > >> eated.5.times. > >> > > > >the message is totally malformed. > > Rainer, > > Thanks for the reply. > > I'm no expert on the format I'm afraid but I have looked at the RFC > http://tools.ietf.org/search/rfc5424
The format being sent is documented in RFC-3164, in which the only mandatory field is PRI---it's up the the receiving end to make sense of the rest of the message. It appears that in your case rsyslogd is mis-interpreting the incoming message. -spc _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
