Today's Topics:
1. Re: Multi-line support issue (Balazs Scheidler)
2. Re: Multi-line support issue (Satish Patel)
----------------------------------------------------------------------
Message: 1
Date: Thu, 11 Jul 2013 13:53:56 +0200
From: Balazs Scheidler <bazsi@balabit.hu>
Subject: Re: [syslog-ng] Multi-line support issue
To: Syslog-ng users' and developers' mailing list
<syslog-ng@lists.balabit.hu>
Message-ID: <1373543636.3171.17.camel@bzorp>
Content-Type: text/plain; charset="UTF-8"
I can't see the source declaration, it must be something along the lines
of:
source s_tomcat {
    file("/var/log/tomcat/xxx.log" flags(indent-multi-line));
};
On Wed, 2013-07-10 at 12:54 -0400, Satish Patel wrote:
> Hi Balazs,
>
> What is your thought about my config? Did you see?
>
> On Mon, Jul 8, 2013 at 12:30 PM, Satish Patel <satish.txt@gmail.com>
> wrote:
> This is what I have configured and no luck with it. Can you
> suggest what I am missing?
>
> destination d02_tc74_log {
>     file("/logs/server1/tomcat7.4/catalina_$YEAR$MONTH$DAY.log"
>         template("$(indent-multi-line ${MESSAGE})\n")
>         template(t_tomcatlog) owner("root") group("root") perm(0644)
>         dir_perm(0755) create_dirs(yes));
> };
> filter server1 { host("server1.example.com") };
> log {
>     source (s_tomcat);
>     filter (server1);
>     filter (tomcat7_4);
>     destination (d02_tc74_log);
> };
>
> On Mon, Jul 8, 2013 at 12:08 PM, Satish Patel
> <satish.txt@gmail.com> wrote:
> How do I use indented-multi-line? I meant, where do I configure it?
> I tried but my syslog-ng doesn't recognize this option. I have
> syslog-ng 3.3.7. Could you give me an example of where, and how do I
> check whether it is supported or not?
>
> On Sat, Jul 6, 2013 at 2:12 AM, Balazs Scheidler
> <bazsi77@gmail.com> wrote:
> This looks like the format that should be supported by
> indented-multi-line
>
> On Jul 5, 2013 9:33 PM, "Satish Patel" <satish.txt@gmail.com> wrote:
> Here is my tomcat catalina.out log file sample. See there is a tab
> space in logs
>
> 2013-06-27 05:30:00,065 [EDISN-Scheduler_Worker-2] ERROR com.example.edisn.sftp.SftpSession - Exception attempting to work with an SFTP Session: connection is closed by foreign host
> 2013-06-27 05:30:00,066 [EDISN-Scheduler_Worker-2] ERROR org.quartz.core.JobRunShell - Job EDISN.CTMS_Upload threw an unhandled Exception:
> com.example.edisn.EdisnRuntimeException: Exception attempting to work with an SFTP Session: connection is closed by foreign host
>         at com.example.edisn.sftp.SftpSession.doSession(SftpSession.java:64)
>         at com.example.edisn.EdisnSession.exec(EdisnSession.java:13)
>         at com.example.ctms.CtmsScheduledJob.executeInternal(CtmsScheduledJob.java:27)
>         at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)
>         at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
>         at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:525)
> Caused by: com.jcraft.jsch.JSchException: connection is closed by foreign host
>         at com.jcraft.jsch.Session.connect(Unknown Source)
>         at com.jcraft.jsch.Session.connect(Unknown Source)
>         at com.example.edisn.sftp.SftpSession.doSession(SftpSession.java:45)
>         ... 5 more
>
> On Fri, Jul 5, 2013 at 3:27 PM, Balazs Scheidler <bazsi77@gmail.com>
> wrote:
> No, I implemented a different multiline style support first (that is
> not in pe), where continuation lines are indicated by indentation,
> like mime.
>
> Iirc tomcat has this kind of log file. Can you show a sample log
> entry?
>
> The infrastructure for multiline-prefix is also there but not added
> yet.
>
> Let me see the sample, I'll tell if the current solution works or
> not.
>
> On Jul 5, 2013 8:24 PM, "Satish Patel" <satish.txt@gmail.com> wrote:
> Thanks for the reply Balazs,
>
> You mean to say this feature is available in Open Source Edition
> (OSE) 3.4? Once after specifying flag "indented-multi-line" I can use
> multi-line-prefix?
>
> On Fri, Jul 5, 2013 at 1:26 PM, Balazs Scheidler <bazsi77@gmail.com>
> wrote:
> You have found the PE documentation but I have already ported this to
> the OSE tree and it has been released as part of 3.4.
>
> You have to specify indented-multi-line as a flag to the file source.
>
> On Jul 5, 2013 6:28 PM, "Satish Patel" <satish.txt@gmail.com> wrote:
> We have a tomcat shop and as everyone knows tomcat has a java call
> trace in logs with tab space, but syslog-ng doesn't know about it and
> is printing lines as a new line. I have read here that syslog-ng 3.x
> does support multi-line logs
> http://www.balabit.com/sites/default/files/documents/syslog-ng-pe-4.0-guides/en/syslog-ng-pe-v4.0-guide-admin-en/html/reference_source_syslog.html
>
> But is this feature available in Open Source syslog-ng? If yes then
> why is it not working for me?
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
------------------------------
Message: 2
Date: Thu, 11 Jul 2013 10:22:45 -0400
From: Satish Patel <satish.txt@gmail.com>
Subject: Re: [syslog-ng] Multi-line support issue
To: "Syslog-ng users' and developers' mailing list"
<syslog-ng@lists.balabit.hu>
Message-ID:
<CAPgF-fpPdRswwj2HNUXAxfgRekHVhwwF6O=7N39q9mfggN-nUQ@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
This is my source declaration and I have put the flags which you have
mentioned.

source s_tomcat {
    syslog( transport("udp") flags(indent-multi-line));
};

I got the following error when I am trying to put flags:
Error parsing afsocket, Unknown flag indent-multi-line in
/usr/local/syslog-ng-3.4.2/etc/syslog-ng.conf at line 54, column 33:
syslog( transport("udp") flags(indent-multi-line) );
^^^^^^^^^^^^^^^^^
On Thu, Jul 11, 2013 at 7:53 AM, Balazs Scheidler <bazsi@balabit.hu> wrote:
>
> I can't see the source declaration, it must be something along the lines
> of:
>
> source s_tomcat {
> file("/var/log/tomcat/xxx.log" flags(indent-multi-line));
> };
>
------------------------------
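Added example, not part of either message and not syslog-ng code: a small Python model of the rule described in the thread ("continuation lines are indicated by indentation"), run over a constructed excerpt shaped like the quoted catalina.out sample. It shows that the unindented exception line and the "Caused by:" line each start a new record under that rule; the prefix-based grouping beside it, and its timestamp pattern, are assumptions used only for comparison.

```python
import re

# Constructed sample, shaped like the catalina.out excerpt quoted in the thread.
SAMPLE = """\
2013-06-27 05:30:00,066 [EDISN-Scheduler_Worker-2] ERROR org.quartz.core.JobRunShell - Job EDISN.CTMS_Upload threw an unhandled Exception:
com.example.edisn.EdisnRuntimeException: Exception attempting to work with an SFTP Session: connection is closed by foreign host
\tat com.example.edisn.sftp.SftpSession.doSession(SftpSession.java:64)
\tat com.example.edisn.EdisnSession.exec(EdisnSession.java:13)
Caused by: com.jcraft.jsch.JSchException: connection is closed by foreign host
\tat com.jcraft.jsch.Session.connect(Unknown Source)
\t... 5 more
"""

# Assumed record prefix: the timestamp layout seen in the sample.
TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")


def group_indented(lines):
    """Indentation rule: a line starting with a space or tab continues
    the previous record; any other line starts a new record."""
    records = []
    for line in lines:
        if records and line[:1] in (" ", "\t"):
            records[-1].append(line)
        else:
            records.append([line])
    return records


def group_by_prefix(lines, prefix=TIMESTAMP):
    """Prefix rule (assumed semantics): only a line matching `prefix`
    starts a new record; everything else is a continuation."""
    records = []
    for line in lines:
        if not records or prefix.match(line):
            records.append([line])
        else:
            records[-1].append(line)
    return records


if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    for name, grouper in (("indented", group_indented), ("prefix", group_by_prefix)):
        records = grouper(lines)
        print(name, "->", len(records), "record(s)")
        for record in records:
            print("   ", len(record), "line(s):", record[0][:60])
```

When stack traces end up split across stored records, a detection rule keyed on the timestamped ERROR line will not see the "Caused by:" cause in the same event, so it is worth checking how a sample groups before relying on it.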
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
End of syslog-ng Digest, Vol 99, Issue 9
****************************************