Hi Evan!

Unfortunately only PE supports multiline timeout as of now, but we hope that this feature will make it to 3.6 OSE. As for the second question, I submitted a pull request which introduces regexp-suffix multiline mode, it does roughly the same that you mentioned. You can check it here: https://github.com/balabit/syslog-ng/pull/120.

Hope I could help,

Viktor

On Tue, Apr 22, 2014 at 9:30 PM, Evan Rempel <erempel@uvic.ca> wrote:

I am having two problems with the multi-line-mode (I am using a pipe source for testing).

1. The last message written to the pipe will not be processed until the start (multi-line-prefix matches)
of the next message is received. This makes messages delay until the next message arrives.

2. The last message the is written to the pipe is lost if syslog-ng is reloaded or restarted.

Is there an option for how long to wait for the "full" message to arrive?
Is there an option to specify what the "LAST" line of the mutli-line message should match?
That way the message is known to be completed.

Thanks for your time.

Evan.

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq