On Sun, 2004-09-26 at 23:44, Dmitri Smirnov wrote:
Thanks, Loic,
some important parts of config, skipping filters:
# source local { sun-streams("/dev/log"); internal(); udp(); };
options { use_fqdn(yes); use_dns(yes); dns_cache(yes); keep_hostname(yes); chain_hostnames(no); bad_hostname("^5.*"); sync(0); stats(0); log_fifo_size(1024); log_msg_size(2048); use_time_recvd(yes); dns_cache_expire(36000); dns_cache_expire_failed(3600); dns_cache_size(10000);
};
destination syslog { file("/var/log/syslog" owner(root) group(other) perm(0644) template("$DATE $FULLHOST $FACILITY.$PRIORITY $MESSAGE\n") template_escape(no)); };
log { source(local); filter(filter1_not); filter(filter2_not); filter(filter3_not); filter(filter4_not); filter(filter5_not); destination(syslog); };
In what way are messages corrupted? You said they are concatenated, but could you post an example? It would also be important to check which syslog-ng parts are used, e.g. the message path as it is received from the network. (udp source, sun-stream source) It would also be useful to verify whether it was mangled on the syslog-ng host itself, or it was already mangled before. BTW: it is known that certain kernel messages on Linux might get corrupted, because of the kernel ring-buffer overflow, increasing the ring buffer size can be used to mitigate (but not solve) the problem. -- Bazsi