For When You Can't Have The Real Thing
[ start | index | login ]
start > Netscreen > Syslog Problem Work-Around

Syslog Problem Work-Around

Created by dave. Last edited by dave, 8 years and 305 days ago. Viewed 1,827 times. #1
[edit] [rdf]
labels
attachments

Problem

When my Netscreen device logs to a syslog server, the entry lines are all run together. It is like there is no linefeed character at the end of the entry.

Discussion

>>Link

The industry-standard specifies using the LF character as frame delimiter. Some vendors, notable Juniper in their NetScreen products, use an invalid frame delimiter, in Juniper's case the NUL character.
What is happening is that syslog is trying to tack on the linefeed to the supplied string, but syslog stops writing at the NUL character because it is treating it as a nul-terminated string.

Work-Around

As indicated in the above link, rsyslog has a work-around in place for it.

I am using syslog-ng. You can define your destination files to have a specific format. Originally I tried adding the linefeed character to the end of the template, but that didn't work because of the nul-terminated string issue. So I decided to put the linefeed at the beginning of the template:

destination messages { file("/var/adm/messages" template("\n$ISODATE $HOST $MSG"));};

This works and it doesn't appear to be filling the log with excessive blank spaces.

no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful:


snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt