[syslog-ng] syslog-ng 3.0 seem to chop some of the long lines off
Balazs Scheidler
bazsi at balabit.hu
Fri Jun 19 06:38:27 CEST 2009
On Wed, 2009-06-17 at 12:10 -0700, Joe Hansen wrote:
> We're seeing lines in /var/log/messages that are chopped off. They
> should look like this:
>
> [Contents removed]
>
>
> Anyone seen this?
>
> Thanks
>
>
>
Well, can you tell us a little bit more on your configuration? What
protocol do you use on the source side? Do you happen to use the new
RFC5424 style protocol, or the legacy one?
What is generating those messages, can you show us a tcpdump/strace
snippet that shows how that frame is travelling the network?
Also, syslog-ng 3.0 does not remove embedded NL characters by default,
maybe the rest of the message continues on the next line?
You can reenable the previous behaviour by using the 'no-multi-line'
flag for your source or destination (e.g. you can change the multi-line
handling not just for a given source, but also handle the same message
differently in different destinations).
--
Bazsi
More information about the syslog-ng
mailing list