syslog 协议及格式 -

luckywnj

浏览: 245333 次
性别:
来自: 北京

最近访客更多访客>>

u012363178

囧囧有神

dongguangming88

茂叔1050

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

syslog 协议及格式

博客分类：

RFC-协议规范

官方文档：http://tools.ietf.org/html/rfc5424

6. Syslog Message Format

6.2. HEADER

6.2.1. PRI

PRI=<Facility(0-23)*8+Severity(0-7)>

6.2.2. VERSION

6.2.3. TIMESTAMP

Example 1

1985-04-12T23:20:50.52Z

Example 2

1985-04-12T19:20:50.52-04:00

Example 3

2003-10-11T22:14:15.003Z

Example 4

2003-08-24T05:14:15.000003-07:00

6.2.4. HOSTNAME

6.2.5. APP-NAME

6.2.6. PROCID

6.2.7. MSGID

6.3. STRUCTURED-DATA

6.3.1. SD-ELEMENT

6.3.2. SD-ID

6.3.3. SD-PARAM

6.3.4. Change Control

6.3.5. Examples

Example 1 - Valid

[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"]

This example is a structured data element with a non-IANA controlled

SD-ID of type "exampleSDID@32473", which has three parameters.

Example 2 - Valid

[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][examplePriority@32473 class="high"]

This is the same example as in 1, but with a second structured data

element. Please note that the structured data element immediately

follows the first one (there is no SP between them).

Example 3 - Invalid

[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] [examplePriority@32473 class="high"]

error : 两个SD之间，多一个空格SP character

Example 4 - Invalid

[ exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][examplePriority@32473 class="high"]

error : 第一个SD内部，多一个空格SP character

Example 5 - Valid

[sigSig ver="1" rsID="1234" ... signature="..."]

Example 5 is a valid example. It shows a hypothetical IANA-assigned

SD-ID. The ellipses denote missing content, which has been left out

of this example for brevity.

6.4. MSG

6.5. Examples

Example 1 - with no STRUCTURED-DATA

<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8

#header的8个部分用空格SP,分割，<34>1除外，因为不需要SP就可以分割，

#header与STRUCTURED-DATA，MSG也是用SP分割。

Facility : 4

Severity : 2

VERSION : 1

TIMESTAMP : 2003-10-11T22:14:15.003Z

HOSTNAME : mymachine.example.com

APP-NAME : su

PROCID : unknown indicated by "-" in the STRUCTURED-DATA field

MSGID : ID47

STRUCTURED-DATA : no this is indicated by "-" in the STRUCTURED-DATA field

形如[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][examplePriority@32473 class="high"]

BOM 是控制字符，以后再搞。

MSG : 'su root' failed for lonvick on /dev/pts/8

最后的是MSG，可以包含任意空格

Example 2 - with no STRUCTURED-DATA

<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - %% It's time to make the do-nuts.

Example 3 - with STRUCTURED-DATA

<165>1 2003-10-11T22:14:15.003Z mymachine.example.com

evntslog - ID47 [exampleSDID@32473 iut="3" eventSource=

"Application" eventID="1011"] BOMAn application

event log entry...

Example 4 - STRUCTURED-DATA Only, (no MSG)

<165>1 2003-10-11T22:14:15.003Z mymachine.example.com

evntslog - ID47 [exampleSDID@32473 iut="3" eventSource=

"Application" eventID="1011"][examplePriority@32473

class="high"]

This example shows a message with only STRUCTURED-DATA and no MSG

part. This is a valid message.

分享到：

制作SSL证书-openssl命令 | A序言

2012-10-17 16:37
浏览 2166
评论(0)
分类:互联网
查看更多

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

syslog 协议及格式

评论

发表评论

相关推荐

最近访客 更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

syslog 协议及格式

评论

发表评论

相关推荐

TCP数据包分片机制详解

IP 协议理解及报头分析

OSI七层协议模型，与实际应用

TCP/IP 协议簇学习

http 协议学习

TCP 协议理解

SSH 协议及应用

SMB CIFS DOMIAN

最近访客更多访客>>