subject:"Re\: \[Syslog\] #1 \- RFC3164, was\: Consensus\?"

RE: [Syslog] #1 - RFC3164, was: Consensus?

2005-11-28 Thread Anton Okmianski \(aokmians\)

Which system is this source from? 

On Solaris, if you send \r\n characters, you will see ^M\n in the log. 

Anton. 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Darren Reed
 Sent: Sunday, November 27, 2005 3:23 PM
 To: Rainer Gerhards
 Cc: [EMAIL PROTECTED]
 Subject: Re: [Syslog] #1 - RFC3164, was: Consensus?
 
  Darren,
 ..
  Please let us know which actual syslog deamons you mean (at 
 best with 
  platform and version information).
  
  I would also appreciate if you could do a quick test with them and 
  post the results. If possible, please send two messages to 
 them. One as such:
  
  34Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on 
  /dev/pts/8
  
  the other one
  
  1481 2003-10-11T22:14:15.003Z mymachine.example.com su 
 4711 MSGID - 
  'su root' failed for lonvick on /dev/pts/9
  
  I would appreciate if you could let us know the resulting 
 format both 
  in log files as well as when relaying.
  
  Information about the extend of message distortion will 
 probably help 
  us to determine the importance of this issue.
 
 Why not just read the source code ?
 
 Also, read down and observe what ^ is used for.
 This has been forgotten in RFC 3164...
 
 printline()
 {
 ..
 /* test for special codes */
 pri = DEFUPRI;
 p = msg;
 if (*p == '') {
 pri = 0;
 while (isdigit(*++p))
 pri = 10 * pri + (*p - '0');
 if (*p == '')
 ++p;
 }
 if (pri ~ (LOG_FACMASK|LOG_PRIMASK))
 pri = DEFUPRI;
 
 /* don't allow users to log kernel messages */
 if (LOG_FAC(pri) == LOG_KERN)
 pri = LOG_MAKEPRI(LOG_USER, LOG_PRI(pri));
 
 q = line;
 
 while ((c = *p++) != '\0' 
 q  line[sizeof(line) - 2]) {
 c = 0177;
 if (iscntrl(c))
 if (c == '\n')
 *q++ = ' ';
 else if (c == '\t')
 *q++ = '\t';
 else {
 *q++ = '^';
 *q++ = c ^ 0100;
 }
 else
 *q++ = c;
 }
 *q = '\0';
 
 logmsg(pri, line, hname, 0);
 }
 
 logmsg()
 {
 ..
 msglen = strlen(msg); 
 if (msglen  16 || msg[3] != ' ' || msg[6] != ' ' ||
 msg[9] != ':' || msg[12] != ':' || msg[15] != ' ')
 flags |= ADDDATE;
 ..
 }
 
 On top of this, source code exists to map LF to \n and use the
 \377 format for non-ASCII characters.
 
 It would seem to me that some of our issues have been 
 solved by some vendors that need to be wide-character set savvy...
 
 Darren
 
 ___
 Syslog mailing list
 Syslog@lists.ietf.org
 https://www1.ietf.org/mailman/listinfo/syslog
 

___
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog

Re: [Syslog] #1 - RFC3164, was: Consensus?

2005-11-28 Thread Darren Reed

[ Charset ISO-8859-1 unsupported, converting... ]
 Which system is this source from? 

BSD

 On Solaris, if you send \r\n characters, you will see ^M\n in the log. 

Yes and Solaris allows for non-ascii data through the use of escaping.

Darren

___
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog

RE: [Syslog] #1 - RFC3164, was: Consensus?

Re: [Syslog] #1 - RFC3164, was: Consensus?

2 matches

Site Navigation

Mail list logo

Footer information