Balazs Scheidler <bazsi77@gmail.com> writes:
I have one question, does syslog-ng OSE support multiline parsing logs? i have one applications that send multiline messages and syslog-ng save the log of the first line only.
syslog-ng core is multiline aware, however a transport is needed that supports multiline messages.
such a transport is udp(), which has other issues. syslog() with either udp, tcp or tls supports multiline messages.
similarly unix-dgram should work for locally generated multiline messages.
the only missing thing is the ability to read local files and recognize multiline barriers, but Algernon is working on solving this.
It is progressing nicely, and it will be available in syslog-ng 3.4 if all goes well. I already have indented-multiline support in a state I'm reasonably happy with[1], a more flexible solution will be implemented once a few other pending issues are resolved. [1]: https://github.com/algernon/syslog-ng/tree/feature/3.4/indented-multiline Meanwhile, I'd like to ask what kind of multiline logs does your application produce? Can you show a sample, by any chance? That'd help me make sure that the multiline reader I'm working on will work for all kinds of use-cases. Thanks in advance! -- |8]