Hi
We plan to send syslog protocol version info in message per rfc5424
(https://tools.ietf.org/html/rfc5424#page-11). When I send out version
1 as per spec, syslog receiver nxlog gets confused. Message at line 4
below is sent without it and the message at line 7 is sent with
version 1 after PRI. For this one, nxlog writes out 1 as date of the
month to file (see line 8).
1. /tmp @bs459.sjc# sudo strace -s 1024 -f -tt -e recv,recvfrom,write nxlog -f
2 :
3 [pid 48550] 00:12:25.898888 write(3, "2020-12-19 00:12:25 INFO
nxlog-ce-2.10.2150 started\n", 52) = 52
4 [pid 48555] 00:12:29.207659 recvfrom(18, "<166>Dec 19 00:12:28
ats291 TEST: nxlog ietf. NO version. GGA", 65000, 0,
{sa_family=AF_INET, sin_port=htons(41976),
sin_addr=inet_addr("172.30.151.59")}, [128->16]) = 61
5 [pid 48553] 00:12:29.208104 write(7, "\1", 1) = 1
6 [pid 48553] 00:12:29.208245 write(20, "<166>Dec 19 00:12:28 ats291
TEST: nxlog ietf. NO version. GGA\n", 62) = 62
7 [pid 48556] 00:13:21.097695 recvfrom(18, "<166>1 Dec 19 00:13:20
ats291 TEST: nxlog ietf. WITH VER. aa", 65000, 0, {sa_family=AF_INET,
sin_port=htons(40892), sin_addr=inet_addr("172.30.151.59")},
[128->16]) = 60
8 [pid 48556] 00:13:21.098027 write(20, "<166>Dec 1 00:13:20 1 Dec
19 00:13:20 ats291 TEST: nxlog ietf. WITH VER. aa\n", 77) = 77
Of course, running rsyslog itself as collector has no issue. maybe
nxlog is not rfc5424 compliant. Is that expected of syslog receivers?
I'm going to try few other syslog collectors.
Thank you.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
We plan to send syslog protocol version info in message per rfc5424
(https://tools.ietf.org/html/rfc5424#page-11). When I send out version
1 as per spec, syslog receiver nxlog gets confused. Message at line 4
below is sent without it and the message at line 7 is sent with
version 1 after PRI. For this one, nxlog writes out 1 as date of the
month to file (see line 8).
1. /tmp @bs459.sjc# sudo strace -s 1024 -f -tt -e recv,recvfrom,write nxlog -f
2 :
3 [pid 48550] 00:12:25.898888 write(3, "2020-12-19 00:12:25 INFO
nxlog-ce-2.10.2150 started\n", 52) = 52
4 [pid 48555] 00:12:29.207659 recvfrom(18, "<166>Dec 19 00:12:28
ats291 TEST: nxlog ietf. NO version. GGA", 65000, 0,
{sa_family=AF_INET, sin_port=htons(41976),
sin_addr=inet_addr("172.30.151.59")}, [128->16]) = 61
5 [pid 48553] 00:12:29.208104 write(7, "\1", 1) = 1
6 [pid 48553] 00:12:29.208245 write(20, "<166>Dec 19 00:12:28 ats291
TEST: nxlog ietf. NO version. GGA\n", 62) = 62
7 [pid 48556] 00:13:21.097695 recvfrom(18, "<166>1 Dec 19 00:13:20
ats291 TEST: nxlog ietf. WITH VER. aa", 65000, 0, {sa_family=AF_INET,
sin_port=htons(40892), sin_addr=inet_addr("172.30.151.59")},
[128->16]) = 60
8 [pid 48556] 00:13:21.098027 write(20, "<166>Dec 1 00:13:20 1 Dec
19 00:13:20 ats291 TEST: nxlog ietf. WITH VER. aa\n", 77) = 77
Of course, running rsyslog itself as collector has no issue. maybe
nxlog is not rfc5424 compliant. Is that expected of syslog receivers?
I'm going to try few other syslog collectors.
Thank you.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.