<div dir="ltr">Ah!!! Where do I download 3.5 Open Source? Could you please point me to it? Also, in my case I am using a UDP port for the source, so my syntax would be like the following, right?<br><br>source s_tomcat {<br>        syslog( transport(&quot;udp&quot;) multi-line-mode(indented));<br>
};<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jul 11, 2013 at 12:40 PM, Balazs Scheidler <span dir="ltr">&lt;<a href="mailto:bazsi77@gmail.com" target="_blank">bazsi77@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">My gosh, I incorrectly remembered a number of vital details, sorry for that.</p>
<p dir="ltr">The syntax has been changed from the flags format, it&#39;s like this:</p>
<p dir="ltr">file(&#39;tomcat.log&#39; multi-line-mode(indented));<br></p>
<p dir="ltr">I have actually tried this one, however I have one other bad news, this feature missed 3.4 so it&#39;s only available in the 3.5 branch. IIRC Algernon already published 3.5 binaries for Debian/Ubuntu distros.</p>
<div class="HOEnZb"><div class="h5">

<div class="gmail_quote">On Jul 11, 2013 4:22 PM, &quot;Satish Patel&quot; &lt;<a href="mailto:satish.txt@gmail.com" target="_blank">satish.txt@gmail.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div dir="ltr"><div>This is my source declaration and I have put the flags which you have mentioned. <br><br>source s_tomcat {<br>        syslog( transport(&quot;udp&quot;) flags(indent-multi-line));<br>};<br><br></div>I got the following error when I am trying to put the flags<br>


<br>Error parsing afsocket, Unknown flag indent-multi-line in /usr/local/syslog-ng-3.4.2/etc/syslog-ng.conf at line 54, column 33:<br><br>        syslog( transport(&quot;udp&quot;) flags(indent-multi-line) );<br>                                       ^^^^^^^^^^^^^^^^^<br>


<br><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jul 11, 2013 at 7:53 AM, Balazs Scheidler <span dir="ltr">&lt;<a href="mailto:bazsi@balabit.hu" target="_blank">bazsi@balabit.hu</a>&gt;</span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
I can&#39;t see the source declaration, it must be something along the lines<br>
of:<br>
<br>
source s_tomcat {<br>
    file(&quot;/var/log/tomcat/xxx.log&quot; flags(indent-multi-line));<br>
};<br>
<div><div><br>
On Wed, 2013-07-10 at 12:54 -0400, Satish Patel wrote:<br>
&gt; Hi Balazs,<br>
&gt;<br>
&gt;<br>
&gt; what is your thought about my config? did you see?<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; On Mon, Jul 8, 2013 at 12:30 PM, Satish Patel &lt;<a href="mailto:satish.txt@gmail.com" target="_blank">satish.txt@gmail.com</a>&gt;<br>
&gt; wrote:<br>
&gt;         This is what i have configured and no luck with it.. can you<br>
&gt;         suggest what i am missing?<br>
&gt;<br>
&gt;         destination d02_tc74_log<br>
&gt;         { file(&quot;/logs/server1/tomcat7.4/catalina_$YEAR$MONTH$DAY.log&quot;<br>
&gt;         template(&quot;$(indent-multi-line ${MESSAGE})\n&quot;)<br>
&gt;         template(t_tomcatlog) owner(&quot;root&quot;) group(&quot;root&quot;) perm(0644)<br>
&gt;         dir_perm(0755) create_dirs(yes)); };<br>
&gt;         filter server1 { host(&quot;<a href="http://server1.example.com" target="_blank">server1.example.com</a>&quot;) };<br>
&gt;         log {<br>
&gt;           source (s_tomcat);<br>
&gt;           filter (server1);<br>
&gt;           filter (tomcat7_4);<br>
&gt;           destination (d02_tc74_log);<br>
&gt;         };<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;         On Mon, Jul 8, 2013 at 12:08 PM, Satish Patel<br>
&gt;         &lt;<a href="mailto:satish.txt@gmail.com" target="_blank">satish.txt@gmail.com</a>&gt; wrote:<br>
&gt;                 How do I use indented-multi-line? I mean, where do I<br>
&gt;                 configure it? I tried, but my syslog-ng doesn&#39;t<br>
&gt;                 recognize this option. I have syslog-ng 3.3.7. Could<br>
&gt;                 you give me an example of where and how I can check whether<br>
&gt;                 it is supported or not?<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;                 On Sat, Jul 6, 2013 at 2:12 AM, Balazs Scheidler<br>
&gt;                 &lt;<a href="mailto:bazsi77@gmail.com" target="_blank">bazsi77@gmail.com</a>&gt; wrote:<br>
&gt;                         This looks like the format that should be<br>
&gt;                         supported by indented-multi-line<br>
&gt;<br>
&gt;                         On Jul 5, 2013 9:33 PM, &quot;Satish Patel&quot;<br>
&gt;                         &lt;<a href="mailto:satish.txt@gmail.com" target="_blank">satish.txt@gmail.com</a>&gt; wrote:<br>
&gt;                                 Here is my tomcat catalina.out log<br>
&gt;                                 file sample. See there is a tab space<br>
&gt;                                 in logs<br>
&gt;<br>
&gt;                                 2013-06-27 05:30:00,065 [EDISN-Scheduler_Worker-2] ERROR com.example.edisn.sftp.SftpSession - Exception attempting to work with an SFTP Session: connection is closed by foreign host<br>
&gt;                                 2013-06-27 05:30:00,066 [EDISN-Scheduler_Worker-2] ERROR org.quartz.core.JobRunShell - Job EDISN.CTMS_Upload threw an unhandled Exception:<br>
&gt;                                 com.example.edisn.EdisnRuntimeException: Exception attempting to work with an SFTP Session: connection is closed by foreign host<br>
&gt;                                         at com.example.edisn.sftp.SftpSession.doSession(SftpSession.java:64)<br>
&gt;                                         at com.example.edisn.EdisnSession.exec(EdisnSession.java:13)<br>
&gt;                                         at com.example.ctms.CtmsScheduledJob.executeInternal(CtmsScheduledJob.java:27)<br>
&gt;                                         at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)<br>
&gt;                                         at org.quartz.core.JobRunShell.run(JobRunShell.java:202)<br>
&gt;                                         at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:525)<br>
&gt;                                 Caused by: com.jcraft.jsch.JSchException: connection is closed by foreign host<br>
&gt;                                         at com.jcraft.jsch.Session.connect(Unknown Source)<br>
&gt;                                         at com.jcraft.jsch.Session.connect(Unknown Source)<br>
&gt;                                         at com.example.edisn.sftp.SftpSession.doSession(SftpSession.java:45)<br>
&gt;                                         ... 5 more<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;                                 On Fri, Jul 5, 2013 at 3:27 PM, Balazs<br>
&gt;                                 Scheidler &lt;<a href="mailto:bazsi77@gmail.com" target="_blank">bazsi77@gmail.com</a>&gt; wrote:<br>
&gt;                                         No, I implemented a different<br>
&gt;                                         multiline style support first<br>
&gt;                                         (that is not in pe), where<br>
&gt;                                         continuation lines are<br>
&gt;                                         indicated by indentation, like<br>
&gt;                                         mime.<br>
&gt;<br>
&gt;                                         Iirc tomcat has this kind of<br>
&gt;                                         log file. Can you show a<br>
&gt;                                         sample log entry?<br>
&gt;<br>
&gt;                                         The infrastructure for<br>
&gt;                                         multiline-prefix is also there<br>
&gt;                                         but not added yet.<br>
&gt;<br>
&gt;                                         Let me see the sample, I&#39;ll<br>
&gt;                                         tell if the current solution<br>
&gt;                                         works or not.<br>
&gt;<br>
&gt;                                         On Jul 5, 2013 8:24 PM,<br>
&gt;                                         &quot;Satish Patel&quot;<br>
&gt;                                         &lt;<a href="mailto:satish.txt@gmail.com" target="_blank">satish.txt@gmail.com</a>&gt; wrote:<br>
&gt;                                                 Thanks for reply<br>
&gt;                                                 Balazs,<br>
&gt;<br>
&gt;<br>
&gt;                                                 You mean say this<br>
&gt;                                                 feature is available<br>
&gt;                                                 in Open Source Edition<br>
&gt;                                                 (OSE) 3.4? Once after<br>
&gt;                                                 specifying flag<br>
&gt;                                                 &quot;indented-multi-line&quot;<br>
&gt;                                                 i can use<br>
&gt;                                                 multi-line-prefix?<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;                                                 On Fri, Jul 5, 2013 at<br>
&gt;                                                 1:26 PM, Balazs<br>
&gt;                                                 Scheidler<br>
&gt;                                                 &lt;<a href="mailto:bazsi77@gmail.com" target="_blank">bazsi77@gmail.com</a>&gt;<br>
&gt;                                                 wrote:<br>
&gt;                                                         You have found the PE documentation, but I have already ported<br>
&gt;                                                         this to the OSE tree and it has been released as part of 3.4.<br>
&gt;<br>
&gt;                                                         You have to specify indented-multi-line as a flag to the file source.<br>
&gt;<br>
&gt;                                                         On Jul 5, 2013<br>
&gt;                                                         6:28 PM,<br>
&gt;                                                         &quot;Satish Patel&quot;<br>
&gt;                                                         &lt;<a href="mailto:satish.txt@gmail.com" target="_blank">satish.txt@gmail.com</a>&gt; wrote:<br>
&gt;<br>
&gt;                                                                 We have a Tomcat shop, and as everyone knows, Tomcat has a Java call trace in its logs with tab spaces, but syslog-ng doesn&#39;t know about it and prints the lines as new lines. I have read here that syslog-ng 3.x does support multi-line logs: <a href="http://www.balabit.com/sites/default/files/documents/syslog-ng-pe-4.0-guides/en/syslog-ng-pe-v4.0-guide-admin-en/html/reference_source_syslog.html" target="_blank">http://www.balabit.com/sites/default/files/documents/syslog-ng-pe-4.0-guides/en/syslog-ng-pe-v4.0-guide-admin-en/html/reference_source_syslog.html</a><br>
&gt;<br>
&gt;<br>
&gt;                                                                 But is this feature available in Open Source syslog-ng? If yes, then why is it not working for me?<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;                                                                 ______________________________________________________________________________<br>
&gt;                                                                 Member<br>
&gt;                                                                 info:<br>
&gt;                                                                 <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
&gt;                                                                 Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>



&gt;                                                                 FAQ:<br>
&gt;                                                                 <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
<br>
<br>
<br>
<br>
</div></div></blockquote></div><br></div>
<br>
<br></blockquote></div>
</div></div><br>
<br>
<br></blockquote></div><br></div>
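<p>Added example, not part of the thread and not syslog-ng code: a small Python model of the rule described above (a line that starts with indentation continues the previous message), run over a constructed, shortened copy of the Tomcat sample. The function names, the timestamp pattern and the treatment of blank lines are assumptions made for the illustration.</p>

```python
import re

# Constructed sample, shortened from the Tomcat log quoted in the thread.
SAMPLE = (
    "2013-06-27 05:30:00,065 [EDISN-Scheduler_Worker-2] ERROR "
    "com.example.edisn.sftp.SftpSession - Exception attempting to work with "
    "an SFTP Session: connection is closed by foreign host\n"
    "2013-06-27 05:30:00,066 [EDISN-Scheduler_Worker-2] ERROR "
    "org.quartz.core.JobRunShell - Job EDISN.CTMS_Upload threw an unhandled "
    "Exception:\n"
    "com.example.edisn.EdisnRuntimeException: Exception attempting to work "
    "with an SFTP Session: connection is closed by foreign host\n"
    "\tat com.example.edisn.sftp.SftpSession.doSession(SftpSession.java:64)\n"
    "\tat com.example.edisn.EdisnSession.exec(EdisnSession.java:13)\n"
    "Caused by: com.jcraft.jsch.JSchException: connection is closed by "
    "foreign host\n"
    "\tat com.jcraft.jsch.Session.connect(Unknown Source)\n"
    "\t... 5 more\n"
)

# Assumption: every real event starts with a log4j-style timestamp.
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")


def fold_indented(lines):
    """Group lines into records; a line starting with space/tab continues
    the previous record (the rule described in the thread, as modelled here)."""
    current = None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue  # assumption: blank lines carry no content
        if line[0] in " \t" and current is not None:
            current.append(line)
        else:
            # Unindented line, or an indented line with nothing to attach to.
            if current is not None:
                yield current
            current = [line]
    if current is not None:
        yield current


def unanchored(records):
    """Records whose first line has no timestamp: trace fragments that
    indentation alone could not attach to the event that produced them."""
    return [r for r in records if not TS_RE.match(r[0])]


if __name__ == "__main__":
    records = list(fold_indented(SAMPLE.splitlines(keepends=True)))
    for rec in records:
        print(len(rec) - 1, "continuation line(s):", rec[0][:60])
    print("fragments without a timestamp:", len(unanchored(records)))
```

Under this model the unindented exception-class line and the `Caused by:` line each open their own record, so the trace still arrives in pieces that a downstream parsing or correlation rule has to rejoin to the timestamped event.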