Darren,

You are quoting out of context. I've read the source - more than one (if
you read more than one, you'll notice the subtle differences ;)). BTW:
the ^ tells you that signatures are broken as soon as characters < 32
are included in the message. However, none of that relates to what you
have stated. The source you state is incomplete and if you look at
everything (including forwarding rules) plus at different versions (e.g.
sysklogd 1.4.1 in debian and syslogd.c in FreeBSD) date processing is
different.

So again, can you please tell me what backs your argument?

Rainer

> -----Original Message-----
> From: Darren Reed [mailto:[EMAIL PROTECTED] 
> Sent: Sunday, November 27, 2005 9:23 PM
> To: Rainer Gerhards
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Syslog] #1 - RFC3164, was: Consensus?
> 
> 
> > Darren,
> ..
> > Please let us know which actual syslog daemons you mean (at 
> best with 
> > platform and version information).
> > 
> > I would also appreciate if you could do a quick test with them and 
> > post the results. If possible, please send two messages to 
> them. One 
> > as such:
> > 
> > "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on 
> > /dev/pts/8"
> > 
> > the other one
> > 
> > "<148>1 2003-10-11T22:14:15.003Z mymachine.example.com su 
> 4711 MSGID - 
> > 'su root' failed for lonvick on /dev/pts/9"
> > 
> > I would appreciate if you could let us know the resulting 
> format both 
> > in log files as well as when relaying.
> > 
> > Information about the extent of message distortion will 
> probably help 
> > us to determine the importance of this issue.
> 
> Why not just read the source code ?
> 
> Also, read down and observe what ^ is used for.
> This has been forgotten in RFC 3164...
> 
> printline()
> {
> ..
>         /* test for special codes */
>         pri = DEFUPRI;
>         p = msg;
>         if (*p == '<') {
>                 pri = 0;
>                 while (isdigit(*++p))
>                         pri = 10 * pri + (*p - '0');
>                 if (*p == '>')
>                         ++p;
>         }
>         if (pri &~ (LOG_FACMASK|LOG_PRIMASK))
>                 pri = DEFUPRI;
> 
>         /* don't allow users to log kernel messages */
>         if (LOG_FAC(pri) == LOG_KERN)
>                 pri = LOG_MAKEPRI(LOG_USER, LOG_PRI(pri));
> 
>         q = line;
> 
>         while ((c = *p++) != '\0' &&
>             q < &line[sizeof(line) - 2]) {
>                 c &= 0177;
>                 if (iscntrl(c))
>                         if (c == '\n')
>                                 *q++ = ' ';
>                         else if (c == '\t')
>                                 *q++ = '\t';
>                         else {
>                                 *q++ = '^';
>                                 *q++ = c ^ 0100;
>                         }
>                 else
>                         *q++ = c;
>         }
>         *q = '\0';
>         
>         logmsg(pri, line, hname, 0);
> }
> 
> logmsg()
> {
> ..
>         msglen = strlen(msg); 
>         if (msglen < 16 || msg[3] != ' ' || msg[6] != ' ' ||
>             msg[9] != ':' || msg[12] != ':' || msg[15] != ' ')
>                 flags |= ADDDATE;
> ..
> }
> 
> On top of this, source code exists to map LF to "\n" and use 
> the \377 format for non-ASCII characters.
> 
> It would seem to me that some of our issues have been 
> "solved" by some vendors that need to be wide-character set savvy...
> 
> Darren
> 

_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
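
The character loop and the timestamp test from the excerpt quoted above, reduced to a stand-alone C sketch. This is an added example, not part of either message and not the source of any particular syslogd; the names `sanitize` and `needs_adddate` and the sample input in `main` are constructed here. It lets the byte-level changes and the ADDDATE decision be checked against any test message.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Sanitising loop modelled on the quoted printline(): skip "<PRI>", strip the
 * high bit, LF -> space, keep TAB, other control chars -> '^' + (c ^ 0100).
 * outsz must be at least 3. */
static void sanitize(const char *p, char *out, size_t outsz)
{
    char *q = out;
    int c;

    if (*p == '<') {
        while (isdigit((unsigned char)*++p))
            ;
        if (*p == '>')
            ++p;
    }
    while ((c = (unsigned char)*p++) != '\0' && q < out + outsz - 2) {
        c &= 0177;
        if (c == '\n')
            *q++ = ' ';
        else if (c == '\t' || !iscntrl(c))
            *q++ = (char)c;
        else {
            *q++ = '^';
            *q++ = (char)(c ^ 0100);
        }
    }
    *q = '\0';
}

/* Timestamp test from the quoted logmsg(): nonzero means ADDDATE would be
 * set because the text does not start with "Mmm dd hh:mm:ss ". */
static int needs_adddate(const char *msg)
{
    return strlen(msg) < 16 || msg[3] != ' ' || msg[6] != ' ' ||
           msg[9] != ':' || msg[12] != ':' || msg[15] != ' ';
}

int main(void)
{
    char line[256];
    /* Constructed input: UTF-8 e-acute, BEL and LF inside the message text. */
    sanitize("<34>Oct 11 22:14:15 mymachine su: caf\xc3\xa9\a ok\nend",
             line, sizeof line);
    printf("%s (ADDDATE=%d)\n", line, needs_adddate(line));
    return 0;
}
```

Any byte the loop rewrites (control characters, or bytes with the high bit set) no longer matches what the sender emitted, which is why a signature computed over the original message would not verify against the stored or relayed text.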
