Hello,

I found that the problem described only occurs if the UDP packet does not end with \0. This is a little test for it:

#!/usr/bin/perl -w
use strict;
use IO::Socket::INET;

# Three test datagrams:
#   1. timestamp present, terminated with \0
#   2. timestamp present, no trailing \0
#   3. no timestamp, terminated with \0
my @msg = (
    "<30>Jan 31 13:51:30 Yadda yadda [12345]: Time to die.\ndie now!\n\0",
    "<30>Jan 31 13:51:30 Yadda yadda [12345]: Time to die.\ndie now!\n",
    "<30>Yadda yadda [12345]: Time to die.\ndie now!\n\0"
);

my $sock = IO::Socket::INET->new(PeerAddr => 'localhost',
                                 PeerPort => 514,
                                 Proto    => 'udp');

# Send each message as its own UDP packet, one second apart
foreach (@msg) {
    $sock->send($_);
    $sock->flush();
    sleep(1);
}

The results are as follows:

1. Message not split
Jan 31 13:51:30 localhost yadda[12345]: Time to die. die now!

2. No \0 at the end - message is split
Jan 31 13:51:30 localhost yadda[12345]: Time to die.
Jan 31 16:06:09 localhost die now!

3. No timestamp in packet - program name becomes correct
Jan 31 16:06:10 localhost Yadda yadda[12345]: Time to die. die now!

Hope this helps...

On Fri, Jan 31, 2003 at 02:05:36PM +0300, Dmitry Frolov wrote:
I encountered some problems with syslog-ng 1.5.25 while trying to separate logs by program name. Our developers often use multiline log messages, stack traces for example. The problem is that when a multiline message is received via the network (UDP), it is logged as several lines, and only the first line has the program name in it. So, when I configure a 'program' filter, it only catches the first line.
-- Dmitry Frolov, Zenon N.S.P. (095) 250-4629, http://www.zenon.net/
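
A sender-side way to avoid the split records reported in this thread, as an added example that is not part of the original messages and is not syslog-ng code: send one datagram per line, each with its own priority, timestamp and program tag, so a 'program' filter matches every line. The function names, the tag "yadda" and the default host and port are assumptions made for the illustration, and Python is used here rather than the thread's Perl.

```python
import socket
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
MAX_LEN = 1024  # RFC 3164 limit on the total size of one syslog packet


def frame_lines(text, tag, pid, pri=30, when=None):
    """Return one BSD-syslog datagram (bytes) per non-empty line of text."""
    when = when or datetime.now()
    # RFC 3164 timestamp: the day of month is space-padded, not zero-padded.
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    header = f"<{pri}>{stamp} {tag}[{pid}]: ".encode("ascii")
    frames = []
    for line in text.splitlines():
        # Replace NUL and other control characters so nothing left in the
        # payload can be read as a record separator by the receiver.
        clean = "".join(ch if ch.isprintable() else " " for ch in line).rstrip()
        if not clean:
            continue
        body = clean.encode("utf-8", "replace")
        # Truncate to the packet limit (may cut a multi-byte character).
        frames.append((header + body)[:MAX_LEN])
    return frames


def send_lines(text, tag, pid, host="localhost", port=514):
    """Send each framed line as its own UDP packet; returns the packet count."""
    frames = frame_lines(text, tag, pid)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for frame in frames:
            sock.sendto(frame, (host, port))
    finally:
        sock.close()
    return len(frames)


if __name__ == "__main__":
    # Constructed sample input modelled on the test messages in this thread.
    sample = "Time to die.\ndie now!\n\0"
    for f in frame_lines(sample, "yadda", 12345,
                         when=datetime(2003, 1, 31, 13, 51, 30)):
        print(f)
```

Because every packet holds exactly one line, the result does not depend on whether the receiver treats an embedded newline or a missing trailing \0 as a message boundary.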