Hi,

I am collecting logs from a network device. They configured syslog format on their source side to be RFC3164.

On syslog-ng side I am using source and destination like this:

source s_xxx {

network(

ip(0.0.0.0)

transport(tcp)

port(xxx)

flags(store-raw-message)

);

};

destination folder_xxx {

file(

"/xxx/${R_YEAR}${R_MONTH}${R_DAY}/${SOURCEIP}_${HOST}_${R_HOUR}.log"

template("${RAWMSG}\n")

);

};

syslog-ng version 3.34

CentOS Linux release 7.9.2009

The problem is that syslog messages are stored in raw format but not separated in different line. Parity bit of new message starts imidiatelly after previous line -without space or enter.

I have the same config for some other hosts and there log files are created with separate lines. Vendor says they can't change anything on source side.

Do you have any idea what is the cause of this?

Thank you.

Br,

Dragan