I raised an issue on an existing bug on the GitHub tracker, but it
seems to have gone unnoticed, so I'm repeating it here to try and
get some attention on the issue.

Using multi-line-mode without the multi-line-suffix option WILL
result in message loss.

When syslog-ng is running in multi-line-mode, it buffers
multi-line messages until it sees the start of a new message. When
it sees the start of a new message, it flushes the buffered
message, and puts the first line of the new message in the buffer.
However, if syslog-ng shuts down, or receives a SIGHUP (reload),
any lines currently buffered are discarded. Given that syslog-ng
can't stay running forever, and it will get shut down or SIGHUPd
eventually, using this feature will result in messages getting
lost.

The message on the GitHub issue where I brought this up is: https://github.com/balabit/syslog-ng/issues/140#issuecomment-197673887

-Patrick
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
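
The buffering behavior described in the message above, as a simplified model added here (it is not syslog-ng's code and not part of the original post). The class name, the prefix and suffix patterns and the sample log lines are all constructed for illustration; the model compares a prefix-only framer with one that also has a suffix pattern when the process stops.

```python
import re

class MultiLineFramer:
    """Toy model of prefix-based multi-line framing (hypothetical, not syslog-ng code)."""

    def __init__(self, prefix, suffix=None):
        self.prefix = re.compile(prefix)
        self.suffix = re.compile(suffix) if suffix else None
        self.buffer = []    # lines of the message still being assembled
        self.emitted = []   # complete messages handed downstream

    def _flush(self):
        if self.buffer:
            self.emitted.append("\n".join(self.buffer))
            self.buffer = []

    def feed(self, line):
        if self.prefix.search(line):
            self._flush()   # the start of a new message completes the previous one
        self.buffer.append(line)
        if self.suffix and self.suffix.search(line):
            self._flush()   # suffix seen: the message is complete immediately

    def stop(self):
        """Model shutdown or SIGHUP as the post describes: buffered lines are dropped."""
        lost = "\n".join(self.buffer) if self.buffer else None
        self.buffer = []
        return lost

# Constructed sample input: two multi-line messages, each terminated by "END".
LINES = ["2016-03-17 10:00:01 ERROR request failed", "  at handler()", "END",
         "2016-03-17 10:00:02 ERROR db timeout", "  at query()", "END"]
PREFIX = r"^\d{4}-\d{2}-\d{2} "   # assumed pattern marking the start of a message

def run(suffix=None):
    """Feed all sample lines, then stop; return (emitted messages, lost message)."""
    framer = MultiLineFramer(PREFIX, suffix)
    for line in LINES:
        framer.feed(line)
    lost = framer.stop()
    return framer.emitted, lost

if __name__ == "__main__":
    for suffix in (None, r"^END$"):
        emitted, lost = run(suffix)
        print(f"suffix={suffix!r}: emitted={len(emitted)} lost={lost!r}")
```

Without a suffix pattern the last message is still sitting in the buffer when the process stops, so it never reaches the destination; with one, every message is emitted as soon as its final line arrives.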