<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="generator" content="Osso Notes">
<title></title></head>
<body>
<p>and how does this message get to rsyslog?
<br>
<br>
<br>----- Original message -----
<br>> This is one example:
<br>>
<br>>  [parser/msg_parser.c:714]: ERROR: parse_msg: message=<SIP/2.0
<br>> CSeq:713601 INVITE
<br>> Via:
<br>> SIP/2.0/UDP192.168.1.1;branch=z9hG4bKd3a2.99b5ab56.0;received=192.168.1.1
<br>>
<br>> Rsyslog replaces the \n with the string #015#012 so i keep my message in
<br>> one line
<br>>
<br>>  [parser/msg_parser.c:714]: ERROR: parse_msg: message=<SIP/2.0
<br>> #015#012CSeq:713601 INVITE#015#012Via:
<br>> SIP/2.0/UDP192.168.1.1;branch=z9hG4bKd3a2.99b5ab56.0;received=192.168.1.1
<br>>
<br>> But syslog-ng only stores the first line of the message
<br>> [parser/msg_parser.c:714]: ERROR: parse_msg: message=<SIP/2.0
<br>>
<br>> Regards,
<br>>
<br>> Daniel
<br>>
<br>> 2012/10/25 Gergely Nagy <<a href="mailto:algernon@balabit.hu">algernon@balabit.hu</a>>
<br>>
<br>> > Balazs Scheidler <<a href="mailto:bazsi77@gmail.com">bazsi77@gmail.com</a>> writes:
<br>> >
<br>> > > > I have one question, does syslog-ng OSE support multiline parsing
<br>> > > > logs? i have one applications that send multiline messages and
<br>> > > > syslog-ng save the log of the first line only.
<br>> > >
<br>> > > syslog-ng core is multiline aware, however a transport is needed that
<br>> > > supports multiline messages.
<br>> > >
<br>> > > such a transport is udp(), which has other issues. syslog() with
<br>> > > either udp, tcp or tls supports multiline messages.
<br>> > >
<br>> > > similarly unix-dgram should work for locally generated multiline
<br>> > > messages.
<br>> > >
<br>> > > the only missing thing is the ability to read local files and
<br>> > > recognize multiline barriers, but Algernon is working on solving
<br>> > > this.
<br>> >
<br>> > It is progressing nicely, and it will be available in syslog-ng 3.4 if
<br>> > all goes well. I already have indented-multiline support in a state I'm
<br>> > reasonably happy with[1], a more flexible solution will be implemented
<br>> > once a few other pending issues are resolved.
<br>> >
<br>> > [1]:
<br>> > <a href="https://github.com/algernon/syslog-ng/tree/feature/3.4/indented-multiline">https://github.com/algernon/syslog-ng/tree/feature/3.4/indented-multiline</a>
<br>> >
<br>> > Meanwhile, I'd like to ask what kind of multiline logs does your
<br>> > application produce? Can you show a sample, by any chance? That'd help
<br>> > me make sure that the multiline reader I'm working on will work for all
<br>> > kinds of use-cases.
<br>> >
<br>> > Thanks in advance!
<br>> >
<br>> > --
<br>> > |8]
<br>> >
<br>> >
<br>> > ______________________________________________________________________________
<br>> > Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
<br>> > Documentation:
<br>> > <a href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
<br>> > FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq">http://www.balabit.com/wiki/syslog-ng-faq</a>
<br>> >
<br>> >
<br><br></p>
</body>
</html>