Which system is this source from? On Solaris, if you send \r\n characters, you will see "^M\n" in the log.
Anton. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Darren Reed > Sent: Sunday, November 27, 2005 3:23 PM > To: Rainer Gerhards > Cc: [EMAIL PROTECTED] > Subject: Re: [Syslog] #1 - RFC3164, was: Consensus? > > > Darren, > .. > > Please let us know which actual syslog deamons you mean (at > best with > > platform and version information). > > > > I would also appreciate if you could do a quick test with them and > > post the results. If possible, please send two messages to > them. One as such: > > > > "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on > > /dev/pts/8" > > > > the other one > > > > "<148>1 2003-10-11T22:14:15.003Z mymachine.example.com su > 4711 MSGID - > > 'su root' failed for lonvick on /dev/pts/9" > > > > I would appreciate if you could let us know the resulting > format both > > in log files as well as when relaying. > > > > Information about the extend of message distortion will > probably help > > us to determine the importance of this issue. > > Why not just read the source code ? > > Also, read down and observe what ^ is used for. > This has been forgotten in RFC 3164... > > printline() > { > .. > /* test for special codes */ > pri = DEFUPRI; > p = msg; > if (*p == '<') { > pri = 0; > while (isdigit(*++p)) > pri = 10 * pri + (*p - '0'); > if (*p == '>') > ++p; > } > if (pri &~ (LOG_FACMASK|LOG_PRIMASK)) > pri = DEFUPRI; > > /* don't allow users to log kernel messages */ > if (LOG_FAC(pri) == LOG_KERN) > pri = LOG_MAKEPRI(LOG_USER, LOG_PRI(pri)); > > q = line; > > while ((c = *p++) != '\0' && > q < &line[sizeof(line) - 2]) { > c &= 0177; > if (iscntrl(c)) > if (c == '\n') > *q++ = ' '; > else if (c == '\t') > *q++ = '\t'; > else { > *q++ = '^'; > *q++ = c ^ 0100; > } > else > *q++ = c; > } > *q = '\0'; > > logmsg(pri, line, hname, 0); > } > > logmsg() > { > .. > msglen = strlen(msg); > if (msglen < 16 || msg[3] != ' ' || msg[6] != ' ' || > msg[9] != ':' || msg[12] != ':' || msg[15] != ' ') > flags |= ADDDATE; > .. > } > > On top of this, source code exists to map LF to "\n" and use the > \377 format for non-ASCII characters. > > It would seem to me that some of our issues have been > "solved" by some vendors that need to be wide-character set savvy... > > Darren > > _______________________________________________ > Syslog mailing list > Syslog@lists.ietf.org > https://www1.ietf.org/mailman/listinfo/syslog > _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog