我在 Ubuntu 22.04 上使用 netcat 1.218 產生測試系統日誌資料包,我注意到一個我無法解釋的奇怪行為。當我使用該-v標誌時,netcat 會發送 2 個包含字母 的附加資料包X。如果沒有-v,它只會發送一個資料包,如預期的那樣,但 rsyslog 無法識別輸入。
命令範例:
echo "<13>1 2024-02-28T04:07:00 hostname appname - - - message body" | nc -w 0 localhost 514 -u
tcpdump 輸出:
05:08:02.735724 lo In IP localhost.37754 > localhost.514: SYSLOG user.notice, length: 62
E..Z..@.@.`..........z...F.Y<13>1 2024-02-28T04:07:00 hostname appname - - - message body
新增了相同的命令-v:
05:08:58.863527 lo In IP localhost.56439 > localhost.514: (invalid)
E...N.@[email protected]... ..X
05:08:58.863577 lo In IP localhost.56439 > localhost.514: (invalid)
E...N.@[email protected]... ..X
05:08:58.863764 lo In IP localhost.56439 > localhost.514: SYSLOG user.notice, length: 62
E..ZN.@[email protected]<13>1 2024-02-28T04:07:00 hostname appname - - - message body
rsyslog 的 DebugFormat 輸出包括-v:
Debug line with all properties:
FROMHOST: 'localhost', fromhost-ip: '127.0.0.1', HOSTNAME: 'X', PRI: 13,
syslogtag '', programname: '', APP-NAME: '-', PROCID: '-', MSGID: '-',
TIMESTAMP: 'Feb 28 05:09:35', STRUCTURED-DATA: '-',
msg: ''
escaped msg: ''
inputname: imudp rawmsg: 'X'
$!:
$.:
$/:
Debug line with all properties:
FROMHOST: 'localhost', fromhost-ip: '127.0.0.1', HOSTNAME: 'X', PRI: 13,
syslogtag '', programname: '', APP-NAME: '-', PROCID: '-', MSGID: '-',
TIMESTAMP: 'Feb 28 05:09:35', STRUCTURED-DATA: '-',
msg: ''
escaped msg: ''
inputname: imudp rawmsg: 'X'
$!:
$.:
$/:
Debug line with all properties:
FROMHOST: 'localhost', fromhost-ip: '127.0.0.1', HOSTNAME: 'localhost', PRI: 13,
syslogtag '', programname: '', APP-NAME: '', PROCID: '-', MSGID: '-',
TIMESTAMP: 'Feb 28 05:09:35', STRUCTURED-DATA: '-',
msg: '2024-02-28T04:07:00 hostname appname - - - message body'
escaped msg: '2024-02-28T04:07:00 hostname appname - - - message body'
inputname: imudp rawmsg: '<13>1 2024-02-28T04:07:00 hostname appname - - - message body'
$!:
$.:
$/: