Reputation: 169
I'm trying to send a message to my syslog server in Windows 10, created with SysLog Watcher.
The message is sent through TCP and UDP protocols but using TCP the Severity and Facility flags are not sent.
With UDP everything works fine!
I've already tried Kiwi Server and the problem is the same.
I am using the nuget SyslogNet.Client and I send the UDP message this way:
SysLogMessage msg = new SysLogMessage(SyslogMessage(
DateTimeOffset.Now,
14, // Facility - LogAlert
2, // Severity - Critical
LocalHostName ?? Environment.MachineName, // MachineName
"AppName", // AppName
null, // ProcId
"MessageType", // Message type name
"message to be sent"); // message to be sent
ISyslogMessageSerializer serializer = options.SyslogVersion == "5424"
? (ISyslogMessageSerializer)new SyslogRfc5424MessageSerializer()
: options.SyslogVersion == "3164"
? (ISyslogMessageSerializer)new SyslogRfc3164MessageSerializer()
: (ISyslogMessageSerializer)new SyslogLocalMessageSerializer();
SyslogMessage msg = CreateSyslogMessage(options);
ISyslogMessageSender sender = null;
if (options.NetworkProtocol.Equals("tcp", StringComparison.InvariantCultureIgnoreCase))
{
sender = IsEncryptedTCP ?
(ISyslogMessageSender)new SyslogEncryptedTcpSender(options.SyslogServerHostname, options.SyslogServerPort)
: (ISyslogMessageSender)new SyslogTcpSender(options.SyslogServerHostname, options.SyslogServerPort);
}
else if (options.NetworkProtocol.Equals("udp", StringComparison.CurrentCultureIgnoreCase))
{
sender = (ISyslogMessageSender)new SyslogUdpSender(options.SyslogServerHostname, options.SyslogServerPort);
}
else
{
sender = (ISyslogMessageSender)new SyslogLocalSender();
}
sender.Send(msg, serializer);
Again, this works just fine with UDP but when using TCP or LocalSend, the message does not send the flags Facility and Severity!
I would expect to see the flags Facility and Severity being sent through the SyslogNet.Client over TCP protocol.
Upvotes: 4
Views: 2324
Reputation: 504
I've found out the solution. It seems that Kiwi syslog doesn't understand Octet counting (see the RFC6587). To solve the problem you can set messageTransfer
property of the SyslogTcpSender
to MessageTransfer.NonTransparentFraming
Upvotes: 1