Comments (2)
Which RFC are you basing the message format compliance against?
from duo_log_sync.
RFC 5414.
In the tcpdump we can see the log sent by your program to the syslog concentrator:
17:36:36.054273 IP (tos 0x0, ttl 64, id 47721, offset 0, flags [DF], proto UDP (17), length 923)
10.16.2.72.36109 > 10.16.2.14.syslog: [bad udp cksum 0x1c0e -> 0x7cf5!] [|syslog]
0x0000: 4500 039b ba69 4000 4011 6473 0a10 0248 E....i@.@.ds...H
0x0010: 0a10 020e 8d0d 0202 0387 1c0e 7b22 6163 ............{"ac
0x0020: 6365 7373 5f64 6576 6963 6522 3a20 7b22 cess_device":.{"
0x0030: 6570 6b65 7922 3a20 6e75 6c6c 2c20 2268 epkey":.null,."h
0x0040: 6f73 746e 616d 6522 3a20 6e75 6c6c 2c20 ostname":.null,.
Here is a log sent by the Linux system (here bash):
17:41:48.021363 IP (tos 0x0, ttl 64, id 17635, offset 0, flags [DF], proto UDP (17), length 123)
10.16.2.72.34570 > 10.16.2.14.syslog: [bad udp cksum 0x18ee -> 0x4dee!] SYSLOG, length: 95
Facility local0 (16), Severity info (6)
Msg: Dec 19 17:41:47 coreauth002 bash[1640285]: (root:) tcpdump -ni ens160 udp port 514 -vv -X
0x0000: 3c31 3334 3e44 6563 2031 3920 3137 3a34
0x0010: 313a 3437 2063 6f72 6561 7574 6830 3032
0x0020: 2062 6173 685b 3136 3430 3238 355d 3a20
0x0030: 2872 6f6f 743a 2920 7463 7064 756d 7020
0x0040: 2d6e 6920 656e 7331 3630 2075 6470 2070
0x0050: 6f72 7420 3531 3420 2d76 7620 2d58 76
0x0000: 4500 007b 44e3 4000 4011 dd19 0a10 0248 E..{D.@.@......H
0x0010: 0a10 020e 870a 0202 0067 18ee 3c31 3334 .........g..<134
0x0020: 3e44 6563 2031 3920 3137 3a34 313a 3437 >Dec.19.17:41:47
0x0030: 2063 6f72 6561 7574 6830 3032 2062 6173 .coreauth002.bas
0x0040: 685b 3136 3430 3238 355d 3a20 2872 6f6f h[1640285]
You can see the name and the program at the beginning of the line, as RFC 5414 describes it.
from duo_log_sync.
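The difference between the two captures above, as an added example that is not part of the original comments or of duo_log_sync's code: a parser that accepts only datagrams starting with the `<PRI>timestamp host tag[pid]:` header, plus a hypothetical `frame()` helper that prepends that header to a JSON body. The payloads are constructed from the ASCII columns of the captures; the tag `duologsync` and the year in the demo are assumptions.

```python
import re
from datetime import datetime

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# <PRI>Mmm dd hh:mm:ss HOST TAG[PID]: layout, as seen in the bash datagram
HEADER = re.compile(
    rb"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) "
    rb"([^\s:\[]+)(?:\[(\d+)\])?: ?")

# Constructed from the ASCII columns of the two captures in the thread.
BARE_JSON = b'{"access_device": {"epkey": null, "hostname": null, '  # cut off as captured
BASH_LINE = (b"<134>Dec 19 17:41:47 coreauth002 bash[1640285]: "
             b"(root:) tcpdump -ni ens160 udp port 514 -vv -X")

def parse_syslog(payload: bytes):
    """Return the header fields of a framed datagram, or None for a bare payload."""
    m = HEADER.match(payload)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
        return None
    return {
        "facility": FACILITIES[pri >> 3],
        "severity": SEVERITIES[pri & 7],
        "timestamp": m.group(2).decode(),
        "host": m.group(3).decode(),
        "tag": m.group(4).decode(),
        "pid": int(m.group(5)) if m.group(5) else None,
        "msg": payload[m.end():].decode(errors="replace"),
    }

def frame(body: bytes, host: str, tag: str, when: datetime,
          facility: int = 16, severity: int = 6) -> bytes:
    """Hypothetical helper: prepend PRI, timestamp, host and tag to a raw body."""
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    return f"<{facility * 8 + severity}>{stamp} {host} {tag}: ".encode() + body

if __name__ == "__main__":
    print(parse_syslog(BARE_JSON))   # bare JSON has no header to decode
    print(parse_syslog(BASH_LINE))
    print(frame(BARE_JSON, "coreauth002", "duologsync", datetime(2000, 12, 19, 17, 36, 36)))
```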