I think program() is the best bet for you.  I haven't had anything like that happen when using program().  What version of syslog-ng are you using?  I don't think syslog-ng is sending newlines, but your script may be interpreting "silence" from syslog-ng as nothing and appending a newline or something.  If you post a snippet from your script showing how it's reading from syslog-ng, that would help.  It would also help to see the config relevant to the program() destination.

On Thu, Dec 9, 2010 at 12:27 PM, Jay <difficult_id@yahoo.com> wrote:
Have a requirement to convert all incoming syslogs to SNMP traps and send it to another host. One option I could think of is to use program () destination.
 
When I tried this option, I find that syslog-ng is continuously sending newline characters to the specified program. i.e. even when no syslog is received, syslog-ng seems to be pumping newline chars to the specified program.
 
Also I read the warning message in admin guide that, it will open up the door to DOS attack.
 
Could someone let me know the best way to achieve this, please ?
 
Thanks in advance for the help.
John


______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html