https://bugzilla.balabit.com/show_bug.cgi?id=131 Summary: XML tags being stripped Product: syslog-ng Version: 3.0.x Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: unspecified Component: syslog-ng AssignedTo: bazsi@balabit.hu ReportedBy: jsu2@emory.edu Type of the Report: bug Estimated Hours: 0.0 Is there a known bug where syslog-ng arbitrarily strips xml tags from log messages? That is, some of our logs output xml, and syslog-ng seems to be stripping some of these tags before writing them. In particular, we have syslog-ng client configured to read from a local log file, send the log file to the syslog-ng server. The server does some basic csv parsing before writing it out. If this problem is fixed in a newer version, please let me know which version. Here's what the original log file should look like: 2011-08-24 12:00:02,685 INFO [Thread-35674] - [MessageIdentificationSyncCommand] Processing message <?xml version="1.0" encoding="UTF-8"?> <PurchaseOrderMessage version="2.2"> <Header> <MessageId>3125206c-5063-4465-a020-0131fc850885</MessageId> <Timestamp>2011-08-24T12:00:02.183-04:00</Timestamp> <Authentication> <Identity>Emory</Identity> <SharedSecret>PO$xport</SharedSecret> </Authentication> </Header> <PurchaseOrder> <POHeader id="16972984"> <WorkflowStatus status="Completed" /> <SupplierStatus status="SentToSupplier"> <HasBackorderedItems>false</HasBackorderedItems> <HasCancelledItems>false</HasCancelledItems> <HasSupplierEdits>false</HasSupplierEdits> <HasShippedItems>false</HasShippedItems> </SupplierStatus> <APStatus status="Close" /> <RevisionNumber>1</RevisionNumber> <RevisionDate>2011-08-24T11:54:10.745-04:00</RevisionDate> <PONumber>S660540</PONumber> <AlternatePONumber /> <Requestor> <UserProfile username="nbonus"> <FirstName>Nancy</FirstName> <LastName>Doe</LastName> <Email>ndoe@mydomain.bogus</Email> <Phone> <TelephoneNumber> <CountryCode>1</CountryCode> <AreaCode>555</AreaCode> <Number>5552765</Number> </TelephoneNumber> </Phone> <Department>My Department</Department> But, it shows up on syslog-ng server as: intesbprod1 [10857]: Error processing log message: <PurchaseOrderMessage version="2.2"> intesbprod1 : intesbprod1 : intesbprod1 : 00:02.183-04:00</Timestamp> intesbprod1 : intesbprod1 : intesbprod1 : intesbprod1 : intesbprod1 : intesbprod1 : intesbprod1 : id="16972984"> intesbprod1 : status="Completed" /> intesbprod1 : status="SentToSupplier"> intesbprod1 : intesbprod1 : intesbprod1 : intesbprod1 : intesbprod1 : intesbprod1 : status="Close" /> intesbprod1 : intesbprod1 : 54:10.745-04:00</RevisionDate> intesbprod1 : intesbprod1 : /> intesbprod1 : intesbprod1 : username="ndoe"> intesbprod1 : intesbprod1 : intesbprod1 : intesbprod1 : intesbprod1 : intesbprod1 : intesbprod1 : intesbprod1 : intesbprod1 : intesbprod1 : intesbprod1 : My Department</Department> Here's how the client is configured: source s_RoutingService { file("/opt/openeai/dev/logs/RoutingService.log" program_override("EnterpriseServiceBus RoutingService.log dev ")); }; source s_axis2 { file("/var/log/jboss/axis2.log" program_override("JBoss axis2.log qa ")); }; ###################### # logging rules # ###################### log { source(s_RoutingService); destination(d_net);} ; log { source(s_axis2); destination(d_net);} ; Here's how the server is configured: filter f_apps { program("EnterpriseServiceBus" flags ("ignore-case")) or program("JBoss" flags ("ignore-case")) or program("SonicMQ" flags ("ignore-case")); }; template t_apps { template("$SHOST ${ESB.MSG}\n"); }; parser p_apps { csv-parser(columns("ESB.LOG","ESB.DIR","ESB.MSG") delimiters(" ") flags(greedy, escape-none)); }; destination d_apps { file("/var/UTS/actv/$R_YEAR-$R_MONTH-$R_DAY/apps/$PROGRAM/${ESB.DIR}/${ESB.LOG}" create_dirs(yes) template(t_apps)); }; log { source(s_net); parser(p_shost); log { filter(f_systems); . . . log { filter(f_apps); parser(p_apps); destination(d_apps); flags(final); }; log { destination(d_srvr_mesg); flags(final); }; }; }; -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.