# Revision history [back]

### rsyslog RSH packet

Hello!

So I'm using wireshark to find out how does remote logging works in rsyslog. I found out that RSH packet with Client -> Server data is transmitted each time the remote logging occurs. The RSH data itself looks something like this:

0040 33 06 3c 33 39 3e 4e 6f 76 20 31 34 20 30 38 3a 3.<39>Nov 14 08:

0050 31 32 3a 35 36 20 6c 6f 63 61 6c 68 6f 73 74 20 12:56 localhost

0060 72 6f 6f 74 3a 20 72 65 61 64 20 74 68 69 73 0a root: read this.

The message being logged is: Nov 14 08: 12:56 localhost root: read this.

I'd much appreciate if someone could explaing how rsyslog on server understands that this message is meant for it and whether it needs to log it. I don't understand what <39> stands for in data either.

 2 None grahamb 23235 ●4 ●730 ●225 https://www.wireshark.org

### rsyslog RSH packet

Hello!

So I'm using wireshark to find out how does remote logging works in rsyslog. I found out that RSH packet with Client -> Server data is transmitted each time the remote logging occurs. The RSH data itself looks something like this:

0040   33 06 3c 33 39 3e 4e 6f 76 20 31 34 20 30 38 3a   3.<39>Nov 14 08: 08:
0050   31 32 3a 35 36 20 6c 6f 63 61 6c 68 6f 73 74 20   12:56 localhost   0060   72 6f 6f 74 3a 20 72 65 61 64 20 74 68 69 73 0a   root: read this.this.


The message being logged is: is:

Nov 14 08: 12:56 localhost root: read this.this.


I'd much appreciate if someone could explaing how rsyslog on server understands that this message is meant for it and whether it needs to log it. I don't understand what <39> stands for in data either.