
Add program in log #35

Open
minikenshin opened this issue Apr 18, 2023 · 2 comments

Comments

@minikenshin

Hello team,

Today the log sent is like this:
2023-04-18T17:21:32+02:00 {"epkey": null, "hostname": null, "ip": "xx.xx.xx.xx", "location": END OF THE JSON.........}

It's not RFC compliant, you must have the machine name and program name after the timestamp and before the message, like this:

2023-04-18T17:21:32+02:00 myserver duo {"epkey": null, "hostname": null, "ip": "xx.xx.xx.xx", END OF THE JSON.........}

Could you, please, make the change to be compliant? :)
Thanks

@MarkTripod-Duo

Which RFC are you basing the message format compliance against?

@minikenshin (Author)

The RFC5414

On the tcpdump we can see the log sent by your program to the syslog concentrator:

17:36:36.054273 IP (tos 0x0, ttl 64, id 47721, offset 0, flags [DF], proto UDP (17), length 923)
    10.16.2.72.36109 > 10.16.2.14.syslog: [bad udp cksum 0x1c0e -> 0x7cf5!] [|syslog]
        0x0000:  4500 039b ba69 4000 4011 6473 0a10 0248  E....i@.@.ds...H
        0x0010:  0a10 020e 8d0d 0202 0387 1c0e 7b22 6163  ............{"ac
        0x0020:  6365 7373 5f64 6576 6963 6522 3a20 7b22  cess_device":.{"
        0x0030:  6570 6b65 7922 3a20 6e75 6c6c 2c20 2268  epkey":.null,."h
        0x0040:  6f73 746e 616d 6522 3a20 6e75 6c6c 2c20  ostname":.null,.

Here is a log sent by the Linux system (here bash):

17:41:48.021363 IP (tos 0x0, ttl 64, id 17635, offset 0, flags [DF], proto UDP (17), length 123)
    10.16.2.72.34570 > 10.16.2.14.syslog: [bad udp cksum 0x18ee -> 0x4dee!] SYSLOG, length: 95
        Facility local0 (16), Severity info (6)
        Msg: Dec 19 17:41:47 coreauth002 bash[1640285]: (root:) tcpdump -ni ens160 udp port 514 -vv -X
        0x0000:  3c31 3334 3e44 6563 2031 3920 3137 3a34
        0x0010:  313a 3437 2063 6f72 6561 7574 6830 3032
        0x0020:  2062 6173 685b 3136 3430 3238 355d 3a20
        0x0030:  2872 6f6f 743a 2920 7463 7064 756d 7020
        0x0040:  2d6e 6920 656e 7331 3630 2075 6470 2070
        0x0050:  6f72 7420 3531 3420 2d76 7620 2d58 76
        0x0000:  4500 007b 44e3 4000 4011 dd19 0a10 0248  E..{D.@.@......H
        0x0010:  0a10 020e 870a 0202 0067 18ee 3c31 3334  .........g..<134
        0x0020:  3e44 6563 2031 3920 3137 3a34 313a 3437  >Dec.19.17:41:47
        0x0030:  2063 6f72 6561 7574 6830 3032 2062 6173  .coreauth002.bas
        0x0040:  685b 3136 3430 3238 355d 3a20 2872 6f6f  h[1640285]

You can see the name and the program at the beginning of the line, as RFC 5414 describes it.
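As an added example (not code from the reporter or from the project), a small Python check that parses a line in either of the two shapes quoted in this thread, flags a header that jumps from the timestamp straight to the JSON payload, and shows how a relay or collector could rewrite such a line into the TIMESTAMP HOSTNAME APP-NAME MSG order the reporter asks for. The sample lines, the hostname `myserver` and the app name `duo` are constructed from the issue text; rewriting at the relay is an assumed mitigation, not something the project does.

```python
import json
import re

# Constructed sample lines (not captured from a live system). BARE_LINE mirrors the
# format described in this issue: timestamp, then the JSON payload with no HOSTNAME
# or APP-NAME. FULL_LINE is the TIMESTAMP HOSTNAME APP-NAME MSG form the reporter asks for.
BARE_LINE = '2023-04-18T17:21:32+02:00 {"epkey": null, "hostname": null, "ip": "xx.xx.xx.xx"}'
FULL_LINE = '2023-04-18T17:21:32+02:00 myserver duo {"epkey": null, "hostname": null, "ip": "xx.xx.xx.xx"}'

# ISO 8601 timestamp with numeric offset, as in the reported lines.
TIMESTAMP_RE = re.compile(r'^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})$')


def parse_line(line):
    """Split a line into timestamp, hostname, appname and payload; list what is missing."""
    head, _, rest = line.partition(' ')
    result = {"timestamp": head, "hostname": None, "appname": None,
              "payload": None, "problems": []}
    if not TIMESTAMP_RE.match(head):
        result["problems"].append("timestamp not ISO 8601")
    if rest.startswith('{'):
        # The defect from the report: the payload follows the timestamp directly.
        result["problems"] += ["missing HOSTNAME", "missing APP-NAME"]
        body = rest
    else:
        parts = rest.split(' ', 2)
        if len(parts) < 3 or not parts[2].startswith('{'):
            result["problems"].append("no JSON payload after HOSTNAME APP-NAME")
            return result
        result["hostname"], result["appname"], body = parts
    try:
        result["payload"] = json.loads(body)
    except json.JSONDecodeError:
        result["problems"].append("payload is not valid JSON")
    return result


def add_header(line, hostname, appname):
    """Rewrite TIMESTAMP + JSON into TIMESTAMP HOSTNAME APP-NAME JSON; no-op if already present."""
    if "missing HOSTNAME" not in parse_line(line)["problems"]:
        return line
    ts, _, body = line.partition(' ')
    return f"{ts} {hostname} {appname} {body}"
```

Running `parse_line` over a collector's input is a cheap way to alert when a source drops its hostname and program fields, which otherwise breaks per-host and per-program filtering downstream.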
