Jean M 7 Posted March 5, 2020 Share Posted March 5, 2020 Hi, I've enabled syslog in ESET SMC (v7.1) and I'm able to see logs generated in syslog daemon. The configuration is the following: However, the message of syslog contains non-printable characters at beginning and end: # xxd /var/log/eset/RemoteAdministrator/Server/ERAServer.log 00000000: efbb bf7b 2265 7665 6e74 5f74 7970 6522 ...{"event_type" 00000010: 3a22 4175 6469 745f 4576 656e 7422 2c22 :"Audit_Event"," 00000020: 6970 7634 223a 2231 302e 3235 302e 312e ipv4":"10.100.0. ... 00000160: 7222 3a22 222c 2272 6573 756c 7422 3a22 r":"","result":" 00000170: 5375 6363 6573 7322 7d23 3031 3523 3031 Success"}#015#01 00000180: 320a 2. I know that the last two were escaped to #015 and #012 by the syslog daemon (rsylogd) automatically. Does anyone know if this is expected? I tried both formats BSD and Syslog and they seem to give the same result. Thanks! Link to comment Share on other sites More sharing options...
ESET Staff MartinK 378 Posted March 6, 2020 ESET Staff Share Posted March 6, 2020 My best guess that is it message delimiter, i.e. it is "\r\n" tuple (new line in MS Windows format) appended after each message so that receiving daemon can actually detect end of message in case there are multiple of them sent in stream. This should be standard behavior in case "Octet-counted framing" is not enabled. If frame counting is enabled, each message will contains also it's length and this should be enough to detect end of message and start of another one ... Link to comment Share on other sites More sharing options...
Recommended Posts