From Psi-Jack@VERT/DECKHEVN to All on Monday, July 27, 2015 10:53:17
I think I found a potential bug in the hack.log output in testing my OSSEC integration.
Using SMTP's AUTH LOGIN, I generated the base64 information using:
echo 'username' | base64
This yielded a result of the username having a \n at the end. When hack.log outputted this to the hack.log, it retained that \n literally, putting a newline in there on the hack.log at that spot at the end of the username, breaking up the 4-line format of the hack.log.
It's minor, but could break things watching that log, like OSSEC, which needs a consistent number of lines for multiline parsing.