On Wed, 2007-08-22 at 08:21 -0400, Blurry wrote:
Here is a sample, first some nice ones
Jul 25 13:43:04 144.49.126.22/144.49.126.22 GET
Jul 25 13:43:07 144.49.126.22/144.49.126.22 HELLO
Jul 25 13:43:13 144.49.126.22/144.49.126.22 quit
then
Aug 20 09:59:13 tcpgateway@thishost syslog-ng[12107]: Message length overflow, line is split, log_msg_size=8192
Aug 20 10:27:53 router01/router01 ernet1/0<191>11463: Aug 20 10:25:52.617 EDT: OSPF: rcv. v:2 t:1 l:48 rid:144.63.255.232<191>11464: aid:144.1.0.0 chk:0 aut:2 keyid:1 seq:0xC64274 from FastEthernet1/0<191>11465: Aug 20 10:26:02.617 EDT: OSPF: rcv. v:2 t:1 l:48 rid:144.63.255.232<191>11466: aid: 144.1.0.0 chk:0 aut:2 keyid:1 seq:0xC64276 from FastEthernet1/0<191>11467: Aug 20 10:26:12.625 EDT: OSPF: rcv. v:2 t:1 l:48 rid:144.63.255.232<191>11468: aid:144.1.0.0 chk:0 aut:2 keyid:1 seq:0xC64278 from FastEthernet1/0<191>11469: Aug 20 10:26:22.625 EDT: OSPF: rcv. v:2 t:1 l:48 rid:144.63.255.232<191>11470: aid:14.1.0.0 chk:0 aut:2 keyid:1 seq:0xC6427A from
and continues on for a very long time on one line and then cuts off. There doesn't seem to be a field sep that I can tell in the file. I will try a tcpdump also.
A tcpdump would be helpful, as syslog-ng might filter out some characters as it writes to the output. If there's no line termination, then I'm afraid I cannot help here. The message itself can contain <NNN> sequences, so I can't split lines there.

-- Bazsi
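
A simplified model of the framing problem discussed in this thread, added here as an example; it is not syslog-ng's code and does not come from either poster. The function names and sample messages are constructed, and the 8192 default mirrors the log_msg_size value in the quoted warning.

```python
import re

PRI = re.compile(rb"<\d{1,3}>")  # syslog priority header, e.g. <191>


def frame_on_newline(stream: bytes, max_len: int = 8192) -> list[bytes]:
    """Model of LF-delimited framing over TCP: one message per line.

    A line longer than max_len is cut into max_len-sized pieces, which is
    the situation the "line is split" warning reports.
    """
    frames = []
    for line in stream.split(b"\n"):
        if not line:
            continue
        for i in range(0, len(line), max_len):
            frames.append(line[i:i + max_len])
    return frames


def frame_on_pri(stream: bytes) -> list[bytes]:
    """Naive alternative: start a new message at every <NNN> sequence."""
    starts = [m.start() for m in PRI.finditer(stream)]
    return [stream[a:b] for a, b in zip(starts, starts[1:] + [len(stream)])]


# Constructed sample data (not taken from the log excerpt in this thread).
MSG_A = b"<191>100: OSPF: rcv. v:2 t:1 l:48"
MSG_B = b"<190>101: user typed <123> in a form field"  # body contains <NNN>

terminated = MSG_A + b"\n" + MSG_B + b"\n"
unterminated = MSG_A + MSG_B  # sender omits the line terminator

if __name__ == "__main__":
    # With terminators the receiver recovers both messages exactly.
    print(frame_on_newline(terminated))
    # Without them everything accumulates into one ever-growing line.
    print(frame_on_newline(unterminated))
    # Splitting on <NNN> also cuts MSG_B in the middle of its body.
    print(frame_on_pri(unterminated))
```
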