Balazs Scheidler <bazsi77@gmail.com> writes:
>> I have one question, does syslog-ng OSE support multiline parsing logs?
>> i have one applications that send multiline messages and syslog-ng save
>> the log of the first line only.
>
> syslog-ng core is multiline aware, however a transport is needed thatIt is progressing nicely, and it will be available in syslog-ng 3.4 if
> supports multiline messages.
>
> such a transport is udp(), which has other issues. syslog() with
> either udp, tcp or tls supports multiline messages.
>
> similarly unix-dgram should work for locally generated multiline
> messages.
>
> the only missing thing is the ability to read local files and
> recognize multiline barriers, but Algernon is working on solving this.
all goes well. I already have indented-multiline support in a state I'm
reasonably happy with[1], a more flexible solution will be implemented
once a few other pending issues are resolved.
[1]: https://github.com/algernon/syslog-ng/tree/feature/3.4/indented-multiline
Meanwhile, I'd like to ask what kind of multiline logs does your
application produce? Can you show a sample, by any chance? That'd help
me make sure that the multiline reader I'm working on will work for all
kinds of use-cases.
Thanks in advance!
--
|8]
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq