Syslog can't capture Dell network devices which end with 0x00


#1

I am using LS 2.1 syslog to capture network devices' syslog. My input configuration is as below:

input {
  syslog {
    port => 514
    type => "netsyslog"
    #codec => plain { charset => "UTF-8" }
    # codec => rubydebug
  }
}

I can capture Cisco and H3's network devices' syslog, but failed to capture Dell network devices' syslog. I used tcpdump to capture the data, and the difference is that Dell network devices' syslog ends with 0x00, as shown below:
192.168.24.170.514 > 192.168.7.225.514: [udp sum ok] SYSLOG, length: 173
Facility local7 (23), Severity debug (7)
Msg: Dec 3 10:05:42 JJ-2F-SW-D2048-1-7 PORT_ML[dtlAddrTask]: pml_api.c(1710) 104771 %% pmlUnknownAddrCallBack Gi7/0/11 8C:89:A5:E2:E5:51 23 static count 0 dynamic count 1\0x00
0x0000: 3c31 3931 3e20 4465 6320 2033 2031 303a
0x0010: 3035 3a34 3220 4a4a 2d32 462d 5357 2d44
0x0020: 3230 3438 2d31 2d37 2050 4f52 545f 4d4c
0x0030: 5b64 746c 4164 6472 5461 736b 5d3a 2070
0x0040: 6d6c 5f61 7069 2e63 2831 3731 3029 2031
0x0050: 3034 3737 3120 2525 2070 6d6c 556e 6b6e
0x0060: 6f77 6e41 6464 7243 616c 6c42 6163 6b20
0x0070: 4769 372f 302f 3131 2038 433a 3839 3a41
0x0080: 353a 4532 3a45 353a 3531 2032 3320 7374
0x0090: 6174 6963 2063 6f75 6e74 2030 2064 796e
0x00a0: 616d 6963 2063 6f75 6e74 2031 00

How can I fix this issue?


#2

The problem is fixed. It was dropped by the firewall. Dell network devices send syslog via port 514, which is lower than 1024, and that is forbidden by our FW.
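Added example, not part of the thread and not Logstash's own parsing code: a small Python parser run over the datagram from post #1, with the bytes rebuilt from the hex dump. It shows that once the trailing NUL is trimmed the payload decodes to the same facility and severity tcpdump printed. The function name `parse_datagram` and the result field names are made up for illustration.

```python
import re

# Constructed from the tcpdump hex dump in post #1 (173 bytes, last byte 0x00).
CAPTURED = (b"<191> Dec  3 10:05:42 JJ-2F-SW-D2048-1-7 PORT_ML[dtlAddrTask]: "
            b"pml_api.c(1710) 104771 %% pmlUnknownAddrCallBack Gi7/0/11 "
            b"8C:89:A5:E2:E5:51 23 static count 0 dynamic count 1\x00")

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# BSD-syslog-style line: <PRI>, timestamp, host, rest. The capture has a space
# after the PRI, so optional whitespace is accepted there.
LINE = re.compile(
    r"<(\d{1,3})>\s*([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)",
    re.DOTALL)


def parse_datagram(data: bytes) -> dict:
    """Decode one UDP syslog payload, tolerating C-style NUL terminators."""
    trimmed = data.rstrip(b"\x00\r\n")
    text = trimmed.decode("utf-8", errors="replace")
    m = LINE.fullmatch(text)
    if m is None:
        raise ValueError("not a BSD-style syslog line: %r" % text[:40])
    pri = int(m.group(1))
    if pri > 191:  # highest valid value: facility 23 * 8 + severity 7
        raise ValueError("PRI out of range: %d" % pri)
    return {
        "facility": FACILITIES[pri >> 3],   # upper bits of PRI
        "severity": SEVERITIES[pri & 7],    # low three bits of PRI
        "timestamp": m.group(2),
        "host": m.group(3),
        "message": m.group(4),
        "stripped_bytes": len(data) - len(trimmed),
        "embedded_nul": b"\x00" in trimmed,  # NUL left inside the message
    }


if __name__ == "__main__":
    for key, value in parse_datagram(CAPTURED).items():
        print(f"{key:15} {value!r}")
```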

