Hi,

On 05/07/2015 09:50 PM, Alan Sam wrote:
Hello All,
Thank you for your response.
The protocol used is: UDP
This is a screenshot that shows that Solaris (where syslog-ng is running) receives the log in two different lines. Can this explain why the flag "no-multi-line" in syslog-ng (in Solaris) is not working?
Wow, it was really 'low resolution'. Zooming in showed that there isn't any kind of UDP packet fragmentation happening (not surprising, the kernel would reassemble fragments transparently to syslog-ng), but the sender device actually splits the logs into multiple packets, so syslog-ng does exactly what it should do. Yet another broken syslog implementation on Cisco's side :(

I'm not aware of how such logs could get concatenated without writing an app which postprocesses the logs.

Regards,
Sandor