Netcat, Syslog, UDP, and <134>

Question

Listening with netcat on UDP 514 to syslog data I see that each sent log message is separated by <134>.

Does anyone note what <134> is?

Ah okay it is defined in http://tools.ietf.org/html/rfc5424#section-6.2 -- trying to parse that :-) — Kyle Brandt, Apr 05 '11 at 23:46

score 7 · Accepted Answer · answered Apr 05 '11 at 23:57

That is part of the header. "The Priority value is calculated by first multiplying the Facility number by 8 and then adding the numerical value of the Severity." So 134 / 8 = 16 (facility local0) remainder 6 (severity Informational: informational messages).

SYSLOG-MSG      = HEADER SP STRUCTURED-DATA [SP MSG]
HEADER          = PRI...
PRI             = "<" PRIVAL ">"
PRIVAL          = 1*3DIGIT ; range 0 .. 191

score -3 · Answer 2 · answered Apr 05 '11 at 23:51

-3

0134 is the octal code for backslash \.

This is an escape char, to avoid possible sql injections on syslog SQL backends.

See this message on the syslog-ng mailing list.

answered Apr 05 '11 at 23:51

petrus

5,297
26
42

Hmm...I don't think so. – Mark Wagner Apr 05 '11 at 23:58

Netcat, Syslog, UDP, and <134>

2 Answers2