Quote Thomas Morin <thomas.morin@ago.fr>: | The precise packets triggering this case [tcpdump and ethereal helped me a | lot here] are UDP syslog packets which are not terminated by a NULL byte, | but which contain one or many NEWLINE bytes inside the message, and after | some of those NEWLINES we find a '<' character (actually because log4j is | used to dump some xml formatted data) : | | <xx>javaProgram: here is the dump:\n<xml stuff>\n<foo/></xml> | | The same UDP datagram with a NULL byte in the end doesn't trigger the | "unparseable log message" error. I actually have another case where this happens : if the UDP syslog message size exceeds the configured log_msg_size, then the same problem happens : message boudaries are not well understood by syslog-ng, and if a "<" appears after a newline, an "unparseable log message" error is triggered. Regards, -Thomas -- == Thomas Morin == Ingénieur Consultant Atlantide - www.ago.fr - thomas.morin@ago.fr == PGP Id:8CEA233D Key FP:503BF6CFD3AE8719377B832A02FB94E08CEA233D --