Flatternschu's profile - activity

2021-06-26 11:58:17 +0000 received badge  Famous Question (source)
2021-06-26 11:58:17 +0000 received badge  Notable Question (source)
2021-06-26 11:58:17 +0000 received badge  Popular Question (source)
2019-12-19 10:21:10 +0000 commented answer rsyslog RSH packet

Thank you! Much appreciate it

2019-12-19 10:20:46 +0000 marked best answer rsyslog RSH packet

Hello!

So I'm using Wireshark to find out how remote logging works in rsyslog. I found out that an RSH packet with Client -> Server data is transmitted each time the remote logging occurs. The RSH data itself looks something like this:

0040   33 06 3c 33 39 3e 4e 6f 76 20 31 34 20 30 38 3a   3.<39>Nov 14 08:
0050   31 32 3a 35 36 20 6c 6f 63 61 6c 68 6f 73 74 20   12:56 localhost 
0060   72 6f 6f 74 3a 20 72 65 61 64 20 74 68 69 73 0a   root: read this.

The message being logged is:

Nov 14 08:12:56 localhost root: read this.

I'd much appreciate it if someone could explain how rsyslog on the server understands that this message is meant for it and whether it needs to log it. I don't understand what <39> stands for in the data either.

I'm new to this so please help!

2019-12-19 10:20:46 +0000 received badge  Scholar (source)
2019-12-19 09:51:01 +0000 asked a question rsyslog RSH packet
