我在 Ubuntu 22.04 上使用 netcat 1.218 生成测试 syslog 数据包,我注意到一个无法解释的奇怪行为。当我使用 标志时-v,netcat 会发送 2 个包含字母 的额外数据包X。如果没有-v,它只会发送一个数据包,正如预期的那样,但 rsyslog 无法识别输入。
示例命令:
echo "<13>1 2024-02-28T04:07:00 hostname appname - - - message body" | nc -w 0 localhost 514 -u
tcpdump 输出:
05:08:02.735724 lo In IP localhost.37754 > localhost.514: SYSLOG user.notice, length: 62
E..Z..@.@.`..........z...F.Y<13>1 2024-02-28T04:07:00 hostname appname - - - message body
相同的命令并-v添加了:
05:08:58.863527 lo In IP localhost.56439 > localhost.514: (invalid)
E...N.@[email protected]... ..X
05:08:58.863577 lo In IP localhost.56439 > localhost.514: (invalid)
E...N.@[email protected]... ..X
05:08:58.863764 lo In IP localhost.56439 > localhost.514: SYSLOG user.notice, length: 62
E..ZN.@[email protected]<13>1 2024-02-28T04:07:00 hostname appname - - - message body
rsyslog 的 DebugFormat 输出包含以下内容-v:
Debug line with all properties:
FROMHOST: 'localhost', fromhost-ip: '127.0.0.1', HOSTNAME: 'X', PRI: 13,
syslogtag '', programname: '', APP-NAME: '-', PROCID: '-', MSGID: '-',
TIMESTAMP: 'Feb 28 05:09:35', STRUCTURED-DATA: '-',
msg: ''
escaped msg: ''
inputname: imudp rawmsg: 'X'
$!:
$.:
$/:
Debug line with all properties:
FROMHOST: 'localhost', fromhost-ip: '127.0.0.1', HOSTNAME: 'X', PRI: 13,
syslogtag '', programname: '', APP-NAME: '-', PROCID: '-', MSGID: '-',
TIMESTAMP: 'Feb 28 05:09:35', STRUCTURED-DATA: '-',
msg: ''
escaped msg: ''
inputname: imudp rawmsg: 'X'
$!:
$.:
$/:
Debug line with all properties:
FROMHOST: 'localhost', fromhost-ip: '127.0.0.1', HOSTNAME: 'localhost', PRI: 13,
syslogtag '', programname: '', APP-NAME: '', PROCID: '-', MSGID: '-',
TIMESTAMP: 'Feb 28 05:09:35', STRUCTURED-DATA: '-',
msg: '2024-02-28T04:07:00 hostname appname - - - message body'
escaped msg: '2024-02-28T04:07:00 hostname appname - - - message body'
inputname: imudp rawmsg: '<13>1 2024-02-28T04:07:00 hostname appname - - - message body'
$!:
$.:
$/: