
Comments (2)

MarkTripod-Duo commented on September 28, 2024

Which RFC are you basing the message format compliance against?

from duo_log_sync.

minikenshin commented on September 28, 2024

the RFC5414

In the tcpdump we can see the log sent by your program to the syslog concentrator:

17:36:36.054273 IP (tos 0x0, ttl 64, id 47721, offset 0, flags [DF], proto UDP (17), length 923)
    10.16.2.72.36109 > 10.16.2.14.syslog: [bad udp cksum 0x1c0e -> 0x7cf5!] [|syslog]
        0x0000:  4500 039b ba69 4000 4011 6473 0a10 0248  E....i@.@.ds...H
        0x0010:  0a10 020e 8d0d 0202 0387 1c0e 7b22 6163  ............{"ac
        0x0020:  6365 7373 5f64 6576 6963 6522 3a20 7b22  cess_device":.{"
        0x0030:  6570 6b65 7922 3a20 6e75 6c6c 2c20 2268  epkey":.null,."h
        0x0040:  6f73 746e 616d 6522 3a20 6e75 6c6c 2c20  ostname":.null,.

Here is a log sent by the Linux system (here bash):

17:41:48.021363 IP (tos 0x0, ttl 64, id 17635, offset 0, flags [DF], proto UDP (17), length 123)
    10.16.2.72.34570 > 10.16.2.14.syslog: [bad udp cksum 0x18ee -> 0x4dee!] SYSLOG, length: 95
        Facility local0 (16), Severity info (6)
        Msg: Dec 19 17:41:47 coreauth002 bash[1640285]: (root:) tcpdump -ni ens160 udp port 514 -vv -X
        0x0000:  3c31 3334 3e44 6563 2031 3920 3137 3a34
        0x0010:  313a 3437 2063 6f72 6561 7574 6830 3032
        0x0020:  2062 6173 685b 3136 3430 3238 355d 3a20
        0x0030:  2872 6f6f 743a 2920 7463 7064 756d 7020
        0x0040:  2d6e 6920 656e 7331 3630 2075 6470 2070
        0x0050:  6f72 7420 3531 3420 2d76 7620 2d58 76
        0x0000:  4500 007b 44e3 4000 4011 dd19 0a10 0248  E..{D.@.@......H
        0x0010:  0a10 020e 870a 0202 0067 18ee 3c31 3334  .........g..<134
        0x0020:  3e44 6563 2031 3920 3137 3a34 313a 3437  >Dec.19.17:41:47
        0x0030:  2063 6f72 6561 7574 6830 3032 2062 6173  .coreauth002.bas
        0x0040:  685b 3136 3430 3238 355d 3a20 2872 6f6f  h[1640285]

You can see the name and the program at the beginning of the line, as RFC 5414 describes it.

from duo_log_sync.
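A collector-side check for the difference the two captures above show, as an added example that is not part of the original thread or of duo_log_sync: it classifies a UDP payload as bare JSON with no syslog header, as the `<PRI>Mmm dd hh:mm:ss host tag:` layout of the bash sample, or (going beyond the two captured cases) as the `<PRI>1 ...` layout of RFC 5424. The function name `classify` is hypothetical, and the sample payloads are reconstructed from the dumps above or constructed.

```python
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")
# Mmm dd hh:mm:ss host tag[pid]: msg   (layout of the bash capture)
BSD_RE = re.compile(
    rb"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ([^\s:\[]+)(?:\[\d+\])?: ?")
# 1 timestamp host app procid msgid ...   (RFC 5424 layout, version 1)
V1_RE = re.compile(rb"^1 \S+ (\S+) (\S+) \S+ \S+ ")

def classify(payload: bytes) -> dict:
    """Describe the syslog framing found at the start of a UDP payload."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:           # PRI = facility*8 + severity
        return {"format": "no-header",
                "json_body": payload.lstrip()[:1] == b"{"}
    pri = int(m.group(1))
    out = {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7]}
    rest = payload[m.end():]
    for name, rx in (("bsd", BSD_RE), ("rfc5424", V1_RE)):
        hit = rx.match(rest)
        if hit:
            out.update(format=name, host=hit.group(1).decode(),
                       tag=hit.group(2).decode())
            return out
    out["format"] = "pri-only"                   # PRI present, header unparsable
    return out

SAMPLES = {
    # start of the JSON payload visible in the first capture
    "duo": b'{"access_device": {"epkey": null, "hostname": null, ',
    # message from the second capture, with the <134> seen in its hex dump
    "bash": b"<134>Dec 19 17:41:47 coreauth002 bash[1640285]: (root:) "
            b"tcpdump -ni ens160 udp port 514 -vv -X",
    # constructed RFC 5424 style message, not taken from the thread
    "v1": b'<134>1 2024-09-28T17:41:47Z coreauth002 myapp - - - {"a": 1}',
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, classify(data))
```
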
