Hello!
So I'm using Wireshark to find out how remote logging works in rsyslog. I found out that an RSH packet with Client -> Server data is transmitted each time the remote logging occurs. The RSH data itself looks something like this:
0040 33 06 3c 33 39 3e 4e 6f 76 20 31 34 20 30 38 3a 3.<39>Nov 14 08:
0050 31 32 3a 35 36 20 6c 6f 63 61 6c 68 6f 73 74 20 12:56 localhost
0060 72 6f 6f 74 3a 20 72 65 61 64 20 74 68 69 73 0a root: read this.
The message being logged is: Nov 14 08:12:56 localhost root: read this.
I'd much appreciate it if someone could explain how rsyslog on the server understands that this message is meant for it and whether it needs to log it. I don't understand what <39> stands for in the data either.
I'm new to this so please help!
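
An added example, not part of the original post: the payload from the capture above decoded as a BSD syslog (RFC 3164) line, in which the number in angle brackets is the priority, facility * 8 + severity. The function, table and variable names are assumptions made for illustration.

```python
import re

# Payload bytes copied from the hex dump in the post, starting at '<' (0x3c).
CAPTURED = bytes.fromhex(
    "3c 33 39 3e 4e 6f 76 20 31 34 20 30 38 3a "
    "31 32 3a 35 36 20 6c 6f 63 61 6c 68 6f 73 74 20 "
    "72 6f 6f 74 3a 20 72 65 61 64 20 74 68 69 73 0a"
)

# Facility and severity keywords in RFC 3164 numeric order.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

LINE_RE = re.compile(
    r"<(\d{1,3})>"                                  # PRI in angle brackets
    r"([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "   # timestamp, e.g. Nov 14 08:12:56
    r"(\S+) "                                       # hostname
    r"([^\s:\[]+)(?:\[\d+\])?: ?"                   # tag, optional [pid]
    r"(.*)"                                         # free-form message text
)

def parse_syslog(data: bytes) -> dict:
    """Split one BSD syslog line into its fields; raise ValueError if malformed."""
    text = data.decode("ascii", errors="replace").rstrip("\r\n")
    m = LINE_RE.fullmatch(text)
    if m is None:
        raise ValueError("not a BSD syslog line")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid priority
        raise ValueError("priority out of range: %d" % pri)
    facility, severity = divmod(pri, 8)
    return {
        "pri": pri,
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "timestamp": m.group(2),
        "host": m.group(3),
        "tag": m.group(4),
        "msg": m.group(5),
    }

if __name__ == "__main__":
    print(parse_syslog(CAPTURED))
```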