I am running syslog-ng version 1.6.4 in place of syslogd on Solaris 8.

Getting the following results when receiving syslog events with an embedded dash '-':

Actual Event

Aug 10 04:15:22 <Device Name A>.<Domain Name> 4844: Aug 10 05:15:21.204 R: %AAA-3-BUFFER_OVERFLOW: Radius I/O buffer has overflowed -Traceback= 253274 253414 252B98 2524FC E97CC E75D4 E9974 124DDC

Shows up in Syslog log as

Aug 10 04:15:22 <Device Name A>.<Domain Name> 4844: Aug 10 05:15:21.204 R: %AAA-3-BUFFER_OVERFLOW: Radius I/O buffer has overflowed

Aug 10 04:15:22 <Device Name A>.<Domain Name> 4845: -Traceback= 253274 253414 252B98 2524FC E97CC E75D4 E9974 124DDC

Actual Event

May  6 10:04:45 <Device Name B>.<Domain Name> 40: May  6 07:04:44: %TCP-2-INVALIDTCPENCAPS: Invalid TCB encaps pointer: 0x61180434 -Process= \"DLSw msg proc\", ipl= 0, pid= 62 -Traceback= 6035CF34 6035E4A8 60709AE0 607067DC 60706370 607359A0 6072BDB8 6072911C 60716EE4 607147A8 602616E4 602616D0

Shows up in Syslog log as

May  6 10:04:45 <Device Name B>.<Domain Name> 40: May  6 07:04:44: %TCP-2-INVALIDTCPENCAPS: Invalid TCB encaps pointer: 0x61180434

May  6 10:04:45 <Device Name B>.<Domain Name> 41: -Process= \"DLSw msg proc\", ipl= 0, pid= 62
May  6 10:04:45 <Device Name B>.<Domain Name> 42: -Traceback= 6035CF34 6035E4A8 60709AE0 607067DC 60706370 607359A0 6072BDB8 6072911C 60716EE4 607147A8 602616E4 602616D0

        Anyone have an answer as to why it is splitting up the Syslog events this way, and if so, how do you correct it?

        Also, is there a search function for the archives?  Visually looking through month after month put me to sleep pretty quickly!

        Thanks
        Bill