Hi there,

For some time I have been running syslog-ng as a backend, mostly for snare agents on windoze. I get the following in the log from time to time:

    Jan 28 00:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
    Jan 28 12:01:33 svn01 syslog-ng[12377]: Message length overflow, line is split, log_msg_size=2048
    Jan 28 12:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
    Jan 29 00:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
    Jan 29 12:00:01 svn01 syslog-ng[12377]: Message length overflow, line is split, log_msg_size=2048
    Jan 29 12:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
    Jan 30 00:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
    Jan 30 12:00:00 svn01 syslog-ng[12377]: Message length overflow, line is split, log_msg_size=2048
    Jan 30 12:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
    Jan 31 00:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
    Jan 31 12:00:01 svn01 syslog-ng[12377]: Message length overflow, line is split, log_msg_size=2048
    Jan 31 12:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
    Feb 1 00:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
    Feb 1 12:01:40 svn01 syslog-ng[12377]: Message length overflow, line is split, log_msg_size=2048
    Feb 1 12:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
    Feb 2 00:12:26 svn01 syslog-ng[12377]: STATS: dropped 0
    Feb 2 12:02:20 svn01 syslog-ng[12377]: Message length overflow, line is split, log_msg_size=2048
    Feb 2 12:12:26 svn01 syslog-ng[12377]: STATS: dropped 0

What does this "Message length overflow" mean? How can I find/log who (= pid or IP) is sending long messages? Shall I increase log_msg_size? How?

I am using syslog-ng-1.6.9 on Gentoo Linux.

The global part of the config:

    ### {{{ global options
    options {
        # hostname setup
        chain_hostnames(no);
        keep_hostname(no);
        use_dns(no);
        dns_cache(no);
        sync(0);
        stats(43200);
        create_dirs(yes);
        dir_owner(root);
        dir_group(logop);
        dir_perm(0750);
        owner(root);
        group(logop);
        perm(0640);
    };
    ### global options }}}

Some other bits-n-pieces:

    source s_network { udp(); };

    destination d_ext_by_hosts_ALL {
        file("/var/log/syslog-ng/raw/remote/$YEAR-$MONTH-$DAY/$HOST/ALL"
            template("$ISODATE $HOST <$FACILITY.$LEVEL> $MSG\n")
            template_escape(no)
        );
    };

    log { source(s_network); destination(d_ext_by_hosts_ALL); };

Googling found only this unanswered mail from this ML:
https://lists.balabit.hu/pipermail/syslog-ng/2005-December/008248.html

Kalin.

--
| A | | D | | J | | P |
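
One way to find which sender produces the oversized messages, as an added example that is not part of the original post or of syslog-ng: scan the per-host files written by the `d_ext_by_hosts_ALL` template and report hosts whose `$MSG` length comes close to `log_msg_size`. The function names, the `margin` allowance and the sample lines are assumptions made for the example; it also assumes the first fragment of a split message is written with a `$MSG` near the limit.

```python
import re
from collections import defaultdict

# Matches the template from the post: "$ISODATE $HOST <$FACILITY.$LEVEL> $MSG"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) <(?P<fac>\w+)\.(?P<lvl>\w+)> (?P<msg>.*)$"
)

def find_long_senders(lines, log_msg_size=2048, margin=128):
    """Return {host: [(timestamp, msg_bytes), ...]} for near-limit messages.

    margin is an assumed allowance for the <PRI>/timestamp header, which
    counts toward log_msg_size on the wire but is not part of $MSG on disk.
    """
    threshold = log_msg_size - margin
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue  # line was not written by this template
        size = len(m.group("msg").encode("utf-8", "replace"))
        if size >= threshold:
            hits[m.group("host")].append((m.group("ts"), size))
    return dict(hits)

def rank(hits):
    """Hosts ordered by number of near-limit messages, then by name."""
    return sorted(((h, len(v)) for h, v in hits.items()),
                  key=lambda item: (-item[1], item[0]))

# Constructed sample lines in the template's format. With use_dns(no) and
# keep_hostname(no), $HOST is the sender's IP address.
SAMPLE = [
    "2006-01-28T12:01:33+0200 192.0.2.21 <user.notice> " + "A" * 2000,
    "2006-01-28T12:01:33+0200 192.0.2.21 <user.notice> " + "A" * 300,
    "2006-01-28T12:01:40+0200 192.0.2.34 <user.info> short message",
    "2006-01-29T12:00:01+0200 192.0.2.21 <user.notice> " + "B" * 1950,
]

if __name__ == "__main__":
    for host, count in rank(find_long_senders(SAMPLE)):
        print(host, count)
```

To run it over real data, pass an open file from the `raw/remote/<date>/<host>/ALL` tree instead of `SAMPLE` and compare the timestamps with those of the overflow warnings.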