Hello Graylog2 community
tl;dr
I am curious about the use of 0x1E and 0x0F as the indicator for a message that has been chunked. I see on the list of protocol numbers that 0x1E is the NETBLT protocol, but do not know if that is a commonly used value for chunking over UDP…? I would like to use an implementation that is in general use, not a one-off…
Full background
I have been working with a service internal to my company and have need to produce / consume chunked messages sent via UDP. I have recently created a simple UDP client for the Elixir language and based that work off an existing Graylog2 client that used the 0x1E, 0x0F values when chunking the message into datagrams.
In looking more into how Graylog2 handles this I happened across the GELFMessage class and how it detects and processes chunked messages.
This seems like a reasonable approach, and I would like to use it as a basis for handling this in our internal service.
Appreciate any feedback and guidance!!
Best,
r/Steve
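An added example, not part of the original post and not Graylog2's own code: a receiver that detects the 0x1E 0x0F magic bytes and reassembles chunks while bounding what an untrusted UDP sender can make it store. The 12-byte header layout (magic, 8-byte message id, sequence number, sequence count), the 128-chunk limit and the 5-second timeout are assumed from the GELF specification rather than stated in the post; `ChunkReassembler` and `make_chunks` are hypothetical names.

```python
import struct
import time

GELF_CHUNK_MAGIC = b"\x1e\x0f"  # the two bytes the post asks about
HEADER_LEN = 12                 # magic(2) + message id(8) + seq number(1) + seq count(1)
MAX_CHUNKS = 128                # assumed GELF limit on chunks per message
TIMEOUT_S = 5.0                 # assumed GELF window for all chunks to arrive


class ChunkReassembler:
    """Collects chunks per message id and returns the payload once complete."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # message id -> (first_seen, seq_count, {seq_num: bytes})

    def feed(self, datagram: bytes):
        """Return a complete payload, or None while chunks are missing or input is rejected."""
        now = self._clock()
        # Evict stale partial messages so unfinished sequences cannot pin memory.
        for mid in [m for m, (t, _, _) in self._pending.items() if now - t > TIMEOUT_S]:
            del self._pending[mid]
        if not datagram.startswith(GELF_CHUNK_MAGIC):
            return datagram  # not chunked: the datagram is the whole message
        if len(datagram) <= HEADER_LEN:
            return None  # truncated header or empty chunk
        msg_id, seq_num, seq_count = struct.unpack_from("!8sBB", datagram, 2)
        if not (0 < seq_count <= MAX_CHUNKS and seq_num < seq_count):
            return None  # header fields outside the allowed range
        _, count, parts = self._pending.setdefault(msg_id, (now, seq_count, {}))
        if count != seq_count or seq_num in parts:
            return None  # inconsistent sequence count or duplicate chunk
        parts[seq_num] = datagram[HEADER_LEN:]
        if len(parts) < count:
            return None
        del self._pending[msg_id]
        return b"".join(parts[i] for i in range(count))


def make_chunks(payload: bytes, msg_id: bytes, size: int):
    """Sender side: split a payload into chunk datagrams of at most `size` payload bytes."""
    pieces = [payload[i:i + size] for i in range(0, len(payload), size)]
    return [GELF_CHUNK_MAGIC + msg_id + bytes([n, len(pieces)]) + p
            for n, p in enumerate(pieces)]
```

Chunks may arrive in any order; `feed` returns the joined payload only when every sequence number for a message id has been seen inside the timeout.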