Junk Characters seen in syslog



Article ID: CTX341764


Description

The following log entries containing junk characters are seen in syslog messages:

Sep  1 01:08:09 <local0.debug> 10.1.2.1 09/01/2021:01:08:09 GMT gw-352658-011 0-PPE-0 : default AAATM Message 408435002 0 :  "Encoding URL as it has speical chars in redirect url </recipe_search.php?searchstring=<script>alert(document.domain);</script> HTTP/1.0^M Host: 10.10.2.1^M Connection: Keep-Alive^M Qualys-Scan: EXT_Qualys_200^M clientip: 6.6.9.1^M Accept-Encoding: identity^M ^M  ClientVersion TLSv1.2 - CipherSuite "TLS1-AES-256-CBC-SHA" - Session Reuse  - HandshakeTime 0 ms <C1><BA><AB><A4><96>b(<E9>d5e<EC><96>Q5<89>m9<^[1<D4><E6>V<C7><B8>#<E3>tb~^E<B4><ED><83>7<96><A0>^H<99>LH<86>;*^U^Q<DC>-^G!<B7><C1>        <E3>[M<D8>0C<AD><B4>H<DC>^[<C6><88>St<C1>^?<B4>JX<AD><97>(w*0<D6>2^B

<B1><D5><BA>o<D5>U<B7>V<8F><CB><D4><98>v<C6><81><F8>j<CB><8F><B4><AF>9<81>?V<B4><F5>^]<F4><92>N<E5>B=h<A2><ED><B6>(=<C1><D6>S7<DF><8C><9B><83>p<96><FD>g`<D8>S<87>0<CC>K<86><A8>,^\z^U<98>f<DE>1<95>`<EE>^Qw<8A><D0><C9>jc6<8F>)^A(<F0>S<EA>^<D7><99>5<9D>zt<EA><F9><C2>7<8A><C2><BC>7<F6><D1>^T<B6><95><F6><8E><BF>8<E8><9A>^P^\5^]^Ro<89><91>f<D3><BA>^X<BD><F5>UJ+^<C0><9D>Y,^A7+<AA>$<A4>]<98><F9><C0>^C^?D<91>Y<9E>O<EA>K<EA><DF>11<C9><B1>A<8A><BC><C2>^Z_<CB>I<CA><80><80>&<96><B0><CB>#|Rz<92>^H<D9>m<EB><B7><D1><B2><97>^M<8C>^B<85><DA>9<FA><A1><A7>t<82><B0>&^L<9B><AE>%w&<81><FB>^D<CF><D3><87><8B><80><E5><82>>"<F6><88>"~<A9>8vQ<9C>l^Z<8A>^D<8C>^Kn<A8><A7>`^^D<DE>E<BD>#<C5><9D>3^QvkH<85><B9>^_^]<B6><B0><E3>P<F3>,<B5>^U<A9>S\<AE><BD>Y<AF><81>^W<D1>Q<97>G<D2><A5>k<86>"A<E1>^Q<C9>^X<C0>^[wI<D0>i^W<FD>BcW<A1>^\(<88>jO<96><98><F8>PhR<FD><B7>w<C9>{g4<91><A6><A2><EC>o<9E><BE>[<C4><C4><9E><90><9C><DE>#<BE><C2><D6><C3>g<E7>\<E8>^E<85><92><D0><8C>Y>cq<C5><B2>Q^[hf/<A8>7^B<E6>"9<85><C6>a<B9><DE><81>^_G9x^A<8E>O<DA>5<B7><8E><EF>^Q\wx^B.C><F7><A5><B5><F6>s<96><86>E1<81><C0><A7><E9>^O<96><9B><BB>^Z<F2>y<AF>^C6D"^L<CD><8A>B<DB><D9><DE><EE>P<D7>L/<9A><92><84><F7>

Resolution

This is not really an Auditlog issue; it is expected behavior.

Problem Cause

The log is attempting to print the 'string' form of unprintable characters. The UTF-8 charset has many character codes (numerical representations of characters) that fall outside the readable characters. Attempting to print them with the %s format specifier results in such "junk".
Also, the URL encoding happens after the syslog message is written. This means the junk was not caused by URL encoding; it was caused by the behavior explained above.
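
The cause described above, as an added C example that is not Citrix code: %s copies unprintable bytes into the message unchanged, while an escaping step on the writer or log-consumer side renders them as readable \xHH text. The helper names escape_for_log and count_unprintable are hypothetical, and the sample bytes are constructed rather than taken from the log entry above.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a Citrix API: copy in[] to out[], keeping
 * printable ASCII and writing every other byte (and '\') as \xHH.
 * Always NUL-terminates; returns the number of chars written. */
size_t escape_for_log(const unsigned char *in, size_t in_len,
                      char *out, size_t out_cap)
{
    size_t o = 0;
    if (out_cap == 0)
        return 0;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = in[i];
        int printable = (c >= 0x20 && c <= 0x7E && c != '\\');
        if (o + (printable ? 1 : 4) >= out_cap)  /* room for the NUL */
            break;
        if (printable)
            out[o++] = (char)c;
        else
            o += (size_t)snprintf(out + o, out_cap - o, "\\x%02X", c);
    }
    out[o] = '\0';
    return o;
}

/* Count the bytes a syslog viewer would render as "junk". */
size_t count_unprintable(const char *s)
{
    size_t n = 0;
    for (; *s; s++)
        n += ((unsigned char)*s < 0x20 || (unsigned char)*s > 0x7E);
    return n;
}

/* Constructed sample: readable text followed by raw bytes, in the
 * style of the entry above (not bytes copied from it). */
static const unsigned char SAMPLE[] = "HandshakeTime 0 ms \xC1\xBA\x1B" "1\r\x08";

int main(void)
{
    char raw[128], safe[128];
    snprintf(raw, sizeof raw, "%s", (const char *)SAMPLE); /* %s: bytes pass through */
    escape_for_log(SAMPLE, sizeof SAMPLE - 1, safe, sizeof safe);
    printf("unprintable in %%s output: %zu\n", count_unprintable(raw));
    printf("escaped: %s (unprintable: %zu)\n", safe, count_unprintable(safe));
    return 0;
}
```

Escaping the backslash itself keeps the output unambiguous, so a literal "\x41" typed by a client cannot be confused with an escaped byte.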