Message processing by existing syslog implementations

Testing done by Rainer Gerhards on 2005-11-29

Test Messages sent (via perl script):

$MESSAGE = "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8";
$MESSAGE2 = "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for \0lonvick on /dev/pts/8";
$MESSAGE3 = "<148>1 2003-10-11T22:14:15.003Z mymachine.example.com su 4711 MSGID - 'su root' failed for lonvick on /dev/pts/9";
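
The following Python example is added here; it is not part of the original test script or of any tested daemon. It decodes the PRI of each test message and escapes the embedded NUL instead of truncating or splitting at it. The function names are hypothetical, the `<NNN>` octal escape is modelled on the Kiwi output shown in the results, and NUL-terminated string handling as the cause of truncation is an assumption.

```python
import re

# Constructed from the three test messages listed above (bytes, as sent over UDP).
MESSAGES = [
    b"<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    b"<34>Oct 11 22:14:15 mymachine su: 'su root' failed for \0lonvick on /dev/pts/8",
    b"<148>1 2003-10-11T22:14:15.003Z mymachine.example.com su 4711 MSGID - "
    b"'su root' failed for lonvick on /dev/pts/9",
]
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(rb"<(\d{1,3})>")
DEFAULT_PRI = 13  # user.notice; the PRI on the split-off fragment in the relay output


def split_pri(datagram: bytes):
    """Return (facility, severity, rest); use DEFAULT_PRI if PRI is absent or invalid."""
    m = PRI_RE.match(datagram)
    if m is None or int(m.group(1)) > 191:  # 24 facilities * 8 severities - 1
        return FACILITIES[DEFAULT_PRI >> 3], SEVERITIES[DEFAULT_PRI & 7], datagram
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], datagram[m.end():]


def escape_controls(payload: bytes) -> str:
    """Render control and non-ASCII bytes as <NNN> octal so no byte is dropped."""
    return "".join(f"<{b:03o}>" if b < 0x20 or b >= 0x7F else chr(b) for b in payload)


def process(datagram: bytes) -> str:
    """Hypothetical receiver path: decode PRI, keep the whole payload, escape it."""
    facility, severity, rest = split_pri(datagram)
    return f"{facility}.{severity} {escape_controls(rest)}"


def c_string_view(datagram: bytes) -> bytes:
    """What survives if the buffer is handled as a NUL-terminated C string (assumed)."""
    return datagram.split(b"\0", 1)[0]


if __name__ == "__main__":
    for msg in MESSAGES:
        print(process(msg))
    print(c_string_view(MESSAGES[1]))
```
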
 

Results

Debian

Log File

Nov 29 11:19:13 172.19.2.7 mymachine su: 'su root' failed for lonvick on /dev/pts/8
Nov 29 11:19:14 172.19.2.7 mymachine su: 'su root' failed for
Nov 29 11:19:14 172.19.2.7 lonvick on /dev/pts/8
Nov 29 11:19:15 172.19.2.7 1 2003-10-11T22:14:15.003Z mymachine.example.com su 4711 MSGID - 'su root' failed for lonvick on /dev/pts/9
 

Relay

<34>mymachine su: 'su root' failed for lonvick on /dev/pts/8

<34>mymachine su: 'su root' failed for

<13>lonvick on /dev/pts/8

<148>1 2003-10-11T22:14:15.003Z mymachine.example.com su 4711 MSGID - 'su root' failed for lonvick on /dev/pts/9

Observation

Red Hat Fedora 4

Note: The system clock on that machine was set to Aug 15, 2005, around 3 pm.

Log File

Oct 11 22:14:15 172.19.2.7 mymachine su: 'su root' failed for lonvick on /dev/pts/8
Oct 11 22:14:15 172.19.2.7 mymachine su: 'su root' failed for
Aug 15 15:32:24 172.19.2.7 lonvick on /dev/pts/8
Aug 15 15:32:24 172.19.2.7 1 2003-10-11T22:14:15.003Z mymachine.example.com su 4711 MSGID - 'su root' failed for lonvick on /dev/pts/9

Relay

<34>mymachine su: 'su root' failed for lonvick on /dev/pts/8

<34>mymachine su: 'su root' failed for

<13>lonvick on /dev/pts/8

<148>1 2003-10-11T22:14:15.003Z mymachine.example.com su 4711 MSGID - 'su root' failed for lonvick on /dev/pts/9
 

Observations

NetBSD

Log File

Oct 11 22:14:15 172.19.2.7 mymachine su: 'su root' failed for lonvick on /dev/pts/8
Oct 11 22:14:15 172.19.2.7 mymachine su: 'su root' failed for
Nov 29 11:54:57 172.19.2.7 1 2003-10-11T22:14:15.003Z mymachine.example.com su 4711 MSGID - 'su root' failed for lonvick on dev/pts/9

Relay

<34>Oct 11 22:14:15 [172.19.2.7]: mymachine su: 'su root' failed for lonvick on /dev/pts/8
<34>Oct 11 22:14:15 [172.19.2.7]: mymachine su: 'su root' failed for
<148>Nov 29 11:54:57 [172.19.2.7]: 1 2003-10-11T22:14:15.003Z mymachine.example.com su 4711 MSGID - 'su root' failed for lonvick on /dev/pts/9

Observation

Kiwi Syslog Daemon (7.2.35) on Windows

Log file

2005-11-29 08:57:47 Auth.Critical 127.0.0.1 Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8
2005-11-29 08:57:47 Auth.Critical 127.0.0.1 Oct 11 22:14:15 mymachine su: 'su root' failed for <000>lonvick on /dev/pts/8
2005-11-29 08:57:47 Local2.Warning 127.0.0.1 1 2003-10-11T22:14:15.003Z mymachine.example.com su 4711 MSGID - 'su root' failed for lonvick on /dev/pts/9
 

Relay

<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8
<34>Oct 11 22:14:15 mymachine su: 'su root' failed for<000>lonvick on /dev/pts/8
<148>1 2003-10-11T22:14:15.003Z mymachine.example.com su 4711 MSGID - 'su root' failed for lonvick on /dev/pts/9

Observations

WinSyslog on Windows

Log file

2005-11-29,12:05:54,2005-11-29,12:05:54,127.0.0.1,4,2,su: 'su root' failed for lonvick on /dev/pts/8
2005-11-29,12:05:55,2005-11-29,12:05:55,127.0.0.1,4,2,su: 'su root' failed for
2005-11-29,12:05:56,2005-11-29,12:05:56,127.0.0.1,18,4,1 2003-10-11T22:14:15.003Z mymachine.example.com su 4711 MSGID - 'su root' failed for lonvick on /dev/pts/9
 

Relay

<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8
<34>Oct 11 22:14:15 mymachine su: 'su root' failed for
<148>1 2003-10-11T22:14:15.003Z mymachine.example.com su 4711 MSGID - 'su root' failed for lonvick on /dev/pts/9

Observation

Rainer Gerhards <rgerhards at adiscon.com>

This page last updated: Tue Oct 11 16:35:24 2011.
For content issues, contact rgerhards-at-adiscon.com - for legal issues, please contact Adiscon who is the legal owner and publisher of this web site.