I am not sure what to expect from tcpdump, but I don't see much that matches between the log file and the tcpdump file except hostnames and timestamps.

15:00:14.401603 IP (tos 0x0, ttl 250, id 24720, offset 0, flags [none], proto TCP (6), length 576) router.57230 > loghost.1514: . 40597:41133(536) ack 1 win 4128
15:00:14.415798 IP (tos 0x0, ttl 64, id 48307, offset 0, flags [DF], proto TCP (6), length 40) loghost.1514 > router.57230: ., cksum 0x61bb (incorrect (-> 0x0b66), 1:1(0) ack 41133 win 48776
15:00:14.416512 IP (tos 0x0, ttl 250, id 24721, offset 0, flags [none], proto TCP (6), length 571) router.57230 > loghost.1514: P 41133:41664(531) ack 1 win 4128
15:00:14.465815 IP (tos 0x0, ttl 64, id 48308, offset 0, flags [DF], proto TCP (6), length 40) loghost.1514 > router.57230: ., cksum 0x61bb (incorrect (-> 0x073b), 1:1(0) ack 41664 win 49312

I still get one very long line in the log file. The router guy says that he just turns on 'TCP' syslog and it all comes in one line. Very frustrating. Thanks
A tcpdump would be helpful, as syslog-ng might filter out some characters as it writes to the output.
If there's no line termination, then I'm afraid I cannot help here. The message itself can contain <NNN> sequences, so I can't split lines there.
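To make the framing problem in this thread concrete, here is an added example (it is not code from the thread, from syslog-ng, or from the router vendor). It builds a constructed TCP syslog byte stream three ways: newline-terminated, unterminated as the router here appears to send it, and octet-counted (the "MSG-LEN SP MSG" framing from RFC 6587). It then shows that newline framing splits cleanly, the unterminated stream yields one long record, and the tempting fallback of splitting on every <NNN> PRI marker mis-splits as soon as a message body happens to contain one, which is exactly the objection raised in the reply. The sample messages and the hostname "router" are made up for the example.

```python
import re

# Constructed sample records (not taken from the thread). MSG_B deliberately
# carries a literal "<34>" inside its body, so a PRI-looking sequence appears
# where no new message starts.
MSG_A = b"<189>Jan  1 15:00:14 router %SYS-5-CONFIG_I: Configured from console"
MSG_B = b"<190>Jan  1 15:00:15 router %LINK-3-UPDOWN: Interface <34> changed state"
MSG_C = b"<189>Jan  1 15:00:16 router %SYS-5-CONFIG_I: Configured from console"
MESSAGES = [MSG_A, MSG_B, MSG_C]


def newline_stream(msgs):
    """Sender terminates each record with LF (what a receiver hopes for)."""
    return b"".join(m + b"\n" for m in msgs)


def unterminated_stream(msgs):
    """Sender writes records back-to-back with no terminator at all."""
    return b"".join(msgs)


def octet_counted_stream(msgs):
    """RFC 6587 octet counting: decimal length, one space, then the record."""
    return b"".join(b"%d " % len(m) + m for m in msgs)


def split_on_newline(stream):
    """Non-transparent framing: one record per LF-terminated line."""
    return [part for part in stream.split(b"\n") if part]


def split_on_pri(stream):
    """Heuristic split before every <NNN>; unsafe because bodies may contain one."""
    starts = [m.start() for m in re.finditer(rb"<\d{1,3}>", stream)]
    if not starts:
        return [stream] if stream else []
    bounds = ([0] if starts[0] != 0 else []) + starts + [len(stream)]
    return [stream[a:b] for a, b in zip(bounds, bounds[1:])]


def split_octet_counted(stream):
    """Octet counting needs no delimiter, so record contents cannot confuse it."""
    records, pos = [], 0
    while pos < len(stream):
        space = stream.index(b" ", pos)
        length = int(stream[pos:space])
        start = space + 1
        records.append(stream[start:start + length])
        pos = start + length
    return records


if __name__ == "__main__":
    print("newline framing   :", len(split_on_newline(newline_stream(MESSAGES))), "records")
    print("unterminated      :", len(split_on_newline(unterminated_stream(MESSAGES))), "record(s)")
    print("split on <NNN>    :", len(split_on_pri(unterminated_stream(MESSAGES))), "records (wrong)")
    print("octet counting    :", len(split_octet_counted(octet_counted_stream(MESSAGES))), "records")
```

The <NNN> heuristic produces four records from three messages, cutting MSG_B at its embedded "<34>", so it is not a safe substitute for a real terminator; the only fixes are at the sender (terminate records, or use octet counting if both ends support it). A quick way to confirm what the router is actually sending is to capture the payload with `tcpdump -A` (or `-X`) on port 1514 and look for a 0x0a between records.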