rsyslog RSH packet

Hello!

So I'm using Wireshark to find out how remote logging works in rsyslog. I found out that an RSH packet with Client -> Server data is transmitted each time the remote logging occurs. The RSH data itself looks something like this:

0040   33 06 3c 33 39 3e 4e 6f 76 20 31 34 20 30 38 3a   3.<39>Nov 14 08:
0050   31 32 3a 35 36 20 6c 6f 63 61 6c 68 6f 73 74 20   12:56 localhost
0060   72 6f 6f 74 3a 20 72 65 61 64 20 74 68 69 73 0a   root: read this.

The message being logged is: Nov 14 08: 12:56 localhost root: read this.

I'd much appreciate it if someone could explain how rsyslog on the server understands that this message is meant for it and whether it needs to log it. I don't understand what <39> stands for in the data either.

I'm new to this so please help!

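Added example, not part of the original post: the bytes in the dump above decoded as a BSD syslog (RFC 3164) message, where the number in angle brackets is the priority value PRI = facility * 8 + severity. The function name `decode_pri` and the short facility names for codes 12 to 15 are choices made for this example.

```python
import re

# Payload bytes copied from the hex dump in the post, starting at the '<'
# at offset 0x42. Assumption: the two bytes before it (33 06) are not
# part of the syslog message.
CAPTURED = bytes.fromhex(
    "3c 33 39 3e 4e 6f 76 20 31 34 20 30 38 3a "
    "31 32 3a 35 36 20 6c 6f 63 61 6c 68 6f 73 74 20 "
    "72 6f 6f 74 3a 20 72 65 61 64 20 74 68 69 73 0a"
)

# Facility and severity codes in RFC 3164 numbering order.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

# The PRI part is '<', one to three decimal digits, '>'.
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(payload: bytes):
    """Return (facility, severity, text) for one syslog payload."""
    m = PRI_RE.match(payload)
    if m is None:
        raise ValueError("payload does not start with a <PRI> header")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid priority value
        raise ValueError(f"PRI {pri} is out of range")
    facility, severity = divmod(pri, 8)
    text = payload[m.end():].rstrip(b"\n").decode("ascii", "replace")
    return FACILITIES[facility], SEVERITIES[severity], text


if __name__ == "__main__":
    fac, sev, text = decode_pri(CAPTURED)
    print(f"facility={fac} severity={sev} message={text!r}")
```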