bnlong / eventlog-to-syslog

Automatically exported from code.google.com/p/eventlog-to-syslog
0 stars 0 forks source link

Problem with cyrillic (russian) messages in log #47

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
Need any Russian version of Windows

What is the expected output?
in UTF-8 (russian message):
Sep 20 11:05:38 gaidukav.******* GAIDUKAV Service_Control_Manager: 7036: 
Служба "Планировщик классов мультимедиа" 
перешла в состояние Остановлена.

What do you see instead?
in 437 codepage:
Sep 20 11:05:38 gaidukav.******* GAIDUKAV Service_Control_Manager: 7036: 
Сл�\203жба 
"∩┐╜\237╨╗╨░╨╜╨╕∩┐╜\200╨╛╨▓∩┐╜\211╨�
��╨║ ╨║╨╗╨░∩┐╜\201∩┐╜\201╨╛╨▓ 
╨╝∩┐╜\203╨╗∩┐╜\214∩┐╜\202╨╕╨╝╨╡╨┤╨��
�╨░" ╨┐╨╡∩┐╜\200╨╡∩┐╜\210╨╗╨░ ╨▓ 
∩┐╜\201╨╛∩┐╜\201∩┐╜\202╨╛∩┐╜\217╨╜╨╕╨�
�� 
∩┐╜\236∩┐╜\201∩┐╜\202╨░╨╜╨╛╨▓╨╗╨╡╨��
�╨░.

Some chars in russian UTF-8 strings converted to \200, \201, \202... codes.
Result - UTF-8 string not readable.

Applying Perl code (regexp) to each string of log
  $log_string =~ s/\\(\d{3})/chr(oct("0$1"))/egx;
solving the problem.

What version of the product are you using?
Eventlog to Syslog 4.4.2 (64-Bit)

On what operating system?
Windows 7 x64 Russian

Original issue reported on code.google.com by gaidu...@gmail.com on 20 Sep 2011 at 7:37

GoogleCodeExporter commented 8 years ago
I have not seen this problem before, but I will do some testing and let you 
know what I find.

-Sherwin

Original comment by sherwin....@gmail.com on 21 Sep 2011 at 5:58

GoogleCodeExporter commented 8 years ago
I've successfully reproduced the issue, but cannot find a quick fix. I tested 
multiple codepages and none of them solve the problem. I will attempt to 
convert all of the old event code to unicode to remove the need to do a 
codepage conversion, but that will not happen until next weekend at the 
earliest.

Original comment by sherwin....@gmail.com on 27 Sep 2011 at 4:44

GoogleCodeExporter commented 8 years ago
I just noticed you tested this on a Windows 7 machine. I have successfully 
reproduced the problem on a Server 2003 system, but not on a Server 2008 R2 
system (comparable to Win 7). The difference is due to how I handle the old and 
new logging method introduced in Vista. Is your Syslog server set to expect 
UTF-8 messages?

Original comment by sherwin....@gmail.com on 28 Sep 2011 at 5:02

GoogleCodeExporter commented 8 years ago
Ok so after some additional testing and a lot of extra head pounding I feel 
like an idiot. I forgot my newly installed syslog server wasn't set to expect 
UTF-8 messages on the Server 2003 box.

So my findings show that the string you sent should work fine on all versions 
of Windows when read as a UTF-8 string. Can you double check your server is 
setup to expect UTF-8 messages? Also the string you show as being incorrect 
usually appears when the UTF-8 string was mangled by an app that doesn't 
understand how to display it (i.e. Command Prompt) as I noticed the same thing.

Let me know if you are still having issues. I will mark this invalid and closed 
at the end of the week.

-Sherwin

Original comment by sherwin....@gmail.com on 28 Sep 2011 at 5:11

GoogleCodeExporter commented 8 years ago
Thank for you attention to my problem.
and sorry for my bad English.

my syslog server work on RedHat Linux, and it don't have any options
for select incoming codepages.

in attach see two files:
syslog.dump.error.txt - saved to log file on syslog server
syslog.dump.correct.txt - after converted by my perl-script for
correct reading in UTF-8

later i want using network sniffer for capture and analyze traffic
(udp:514) between my Win7 and syslog server.

Original comment by gaidu...@gmail.com on 28 Sep 2011 at 6:40

GoogleCodeExporter commented 8 years ago
What syslog server are you using? Name and version please.

-Sherwin

On Sep 28, 2011, at 2:40 AM, "eventlog-to-syslog@googlecode.com"
<eventlog-to-syslog@googlecode.com> wrote:

Original comment by sherwin....@gmail.com on 28 Sep 2011 at 4:12

GoogleCodeExporter commented 8 years ago
[root@logs root]# cat /etc/issue
Red Hat Linux release 9 (Shrike)
Kernel \r on an \m
[root@logs root]# uname -a
Linux logs.*********** 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686
i686 i386 GNU/Linux
[root@logs root]# rpm -qa | grep sysklogd
sysklogd-1.4.1-12

Original comment by gaidu...@gmail.com on 29 Sep 2011 at 11:44

GoogleCodeExporter commented 8 years ago
Could you please check this bug to see if it applies to you?
https://bugzilla.redhat.com/show_bug.cgi?id=89292

-Sherwin

Original comment by sherwin....@gmail.com on 29 Sep 2011 at 2:18

GoogleCodeExporter commented 8 years ago
YES!!!
Wow!!
thank you!
update syslog by sysklogd-1.4.1-12.3.i386.rpm solve this problem.

Original comment by gaidu...@gmail.com on 30 Sep 2011 at 8:44

GoogleCodeExporter commented 8 years ago

Original comment by sherwin....@gmail.com on 15 Dec 2011 at 2:37

GoogleCodeExporter commented 8 years ago
What is the expected output?
in UTF-8 (russian message):
Service_Control_Manager: 7036: Служба "Служба 
автоматического обнаружения веб-прокси 
WinHTTP" перешла в состояние Остановлена.

What do you see instead?
"Service_Control_Manager: 7036: ������������ 
"������������ 
����������������������������
���� ���������������������� 
������-������������ WinHTTP" 
�������������� �� 
������������������ 
����������������������." 

What version of the product are you using?
Eventlog to Syslog 4.5.1 (64-Bit)

On what operating system?
Windows 7 x64 Russian

Hi! I have a similar problem on ubuntu12.04+graylog2+elasticsearch. It picks 
logs from windows 7x64. In graylog community said that he takes it logs in 
utf-8. It says here that evtsys sends logs to utf-8. But i have unreadable 
string like that.

Original comment by roster...@gmail.com on 30 Jul 2014 at 7:38