send log file through ncat, can't recognize new lines... #1316

Open
rcv211 opened this Issue Sep 6, 2018 · 4 comments

rcv211 commented Sep 6, 2018

I'm trying to send a log file with
ncat -u -w1 --send-only <host> <port> < log.txt

The problem is that it sends it as one line. For instance, if I create a txt with

one line
second line
third line

it will send it as "one line second line third line"
If I use the -C option, it just sends it as "one line ^M second line ^M third line ^M"
Now if I use a while loop like
while read x; do echo $x|ncat -u -w1 --send-only <host> <port>;done < log.txt

This sends it correctly, but it takes so much time if there are thousands of lines...

Am I doing something wrong?

System OS: Centos 6,9
Nmap : 7.40

dmiller-nmap commented Sep 9, 2018

What is listening for the connection? Could that program be stripping out newlines? I cannot reproduce this with Ncat on both ends.

rcv211 commented Sep 10, 2018

On the other end there is a syslog server
rsyslog 8.26.1
I also tried with syslog 1.5, same result...
I also tried with different OSes, CentOS 6.9 and Slackware (nmap 6.40)...

dmiller-nmap commented Sep 10, 2018

@rcv211 syslog doesn't allow multiline log entries by default. Depending on the implementation, it may strip them or encode/escape them. This is most likely to prevent log event injection. You may be able to find a configuration or setting for rsyslogd that allows them to be let through.

This doesn't mean that we can't make Ncat do what you want, though. Pull Request #808 has an interesting new feature: it sets a delimiter character and forces Ncat to send when it encounters the character. By setting the character to a newline, you could probably accomplish what you want. However, I haven't looked at the PR recently and I don't know if this application is fully handled in its existing state.

rcv211 commented Sep 11, 2018

Thanks,
I built version 7.60; at least it builds. I haven't tested it, as it says that --delimiter must be used along with the -l option...
I would like to send-only data, and having two ncat might be an issue as I'll send data to various syslog servers, so I can't have an ncat instance on every receiver...
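
Added example (not part of the thread and not Nmap project code): a send-only sender that puts each log line in its own UDP datagram over a single socket, so no process is started per line and no line terminator reaches the receiver. It assumes the receiver treats one datagram as one syslog message; the names `datagrams`, `send_lines` and `MAX_PAYLOAD` and the 1024-byte cap are choices made for this sketch.

```python
import socket
import sys

# Assumed cap for this sketch: keeps every message inside one small datagram.
MAX_PAYLOAD = 1024


def datagrams(stream):
    """Yield one payload per input line, with the line terminator removed."""
    for raw in stream:  # a binary stream iterates line by line, split on LF
        line = raw.rstrip(b"\r\n")  # handles both LF and CRLF files
        if not line:
            continue  # an empty datagram carries no log event
        # A bare CR inside the line could still render as a line break in the
        # receiver's log, so flatten it to a space before sending.
        line = line.replace(b"\r", b" ")
        yield line[:MAX_PAYLOAD]


def send_lines(stream, sock, addr):
    """Send each line as its own datagram on one socket; return the count."""
    count = 0
    for payload in datagrams(stream):
        sock.sendto(payload, addr)
        count += 1
    return count


if __name__ == "__main__":
    # Usage: python3 send_lines.py <host> <port> < log.txt
    host, port = sys.argv[1], int(sys.argv[2])
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        sent = send_lines(sys.stdin.buffer, s, (host, port))
    print(sent, "datagrams sent")
```
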
