On Sat, 2012-03-17 at 19:48 +0530, anji prassana wrote:
Hi Balint,
Thanks for your kind reply and sorry for the delay. As I was on leave till today, my reply is delayed. However, I didn't use any template. The packet data which I had pasted in my previous message is what I received from the application running at the destination end "10.0.15.18" with port 9500; it might be that this application is displaying it as a small letter 'm'. But syslog-ng is forwarding with 'M' only to the destination, with multiple messages in a single TCP packet. This has been confirmed through Wireshark. Please look into the attached image file captured from the packet analyzer tool Wireshark.
I have attached a file which was captured through Wireshark to show you the multiple events forwarded by syslog-ng to the destination. But, unfortunately, it was rejected as it's not under the size limits of the syslog-ng pipermail.
Kindly assist me on how I can configure syslog-ng in order to send only one message per single TCP packet, or else have a newline character '\n' at the end of each message.
Please let me know if you need any further information.
syslog-ng doesn't really care about packet boundaries when using TCP, as it is against the spirit of TCP itself; however, it must correctly delimit messages using \n, especially if you are not using templates. Are you sure you correctly diagnosed the problem and the '\n' are not there? It might very well happen that the same packet holds two (or more) messages, but that's not an issue in itself.

The configuration file didn't have a template specification, so this code should apply to your case (quoted from logwriter.c, log_writer_format_log function):

    const gchar *p;
    gssize len;

    if (self->flags & LW_FORMAT_FILE)
      {
        log_stamp_format(stamp, result, self->options->template_options.ts_format,
                         time_zone_info_get_offset(self->options->template_options.time_zone_info[LTZ_SEND], stamp->tv_sec),
                         self->options->template_options.frac_digits);
      }
    else if (self->flags & LW_FORMAT_PROTO)
      {
        g_string_append_c(result, '<');
        format_uint32_padded(result, 0, 0, 10, lm->pri);
        g_string_append_c(result, '>');

        /* always use BSD timestamp by default, the use can override this using a custom template */
        log_stamp_append_format(stamp, result, TS_FMT_BSD,
                                time_zone_info_get_offset(self->options->template_options.time_zone_info[LTZ_SEND], stamp->tv_sec),
                                self->options->template_options.frac_digits);
      }
    g_string_append_c(result, ' ');

    p = log_msg_get_value(lm, LM_V_HOST, &len);
    g_string_append_len(result, p, len);
    g_string_append_c(result, ' ');

    if ((lm->flags & LF_LEGACY_MSGHDR))
      {
        p = log_msg_get_value(lm, LM_V_LEGACY_MSGHDR, &len);
        g_string_append_len(result, p, len);
      }
    else
      {
        p = log_msg_get_value(lm, LM_V_PROGRAM, &len);
        if (len > 0)
          {
            g_string_append_len(result, p, len);
            p = log_msg_get_value(lm, LM_V_PID, &len);
            if (len > 0)
              {
                g_string_append_c(result, '[');
                g_string_append_len(result, p, len);
                g_string_append_c(result, ']');
              }
            g_string_append_len(result, ": ", 2);
          }
      }
    p = log_msg_get_value(lm, LM_V_MESSAGE, &len);
    g_string_append_len(result, p, len);
    g_string_append_c(result, '\n');
    log_writer_do_padding(self, result);

As you can see, the '\n' marker is unconditionally appended at the end of the function.

--
Bazsi
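
The receiving side of the point made in this reply, as an added example that is not part of the original thread or of syslog-ng: a receiver that splits the TCP byte stream on '\n' instead of on packet boundaries, so two messages in one segment or one message split across two segments are both handled. The names lf_framer, lf_feed, seen and remember and the 1024-byte limit are assumptions, and the sample segments are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_MSG 1024   /* assumed per-message limit for this sketch */
struct lf_framer { char buf[MAX_MSG + 1]; size_t used; int dropping; }; /* one per connection */
typedef void (*msg_cb)(const char *msg, size_t len, void *ctx);

/* Feed the bytes of one recv() call; calls cb once per complete '\n'-terminated
 * message and returns how many messages this chunk completed. */
size_t lf_feed(struct lf_framer *f, const char *data, size_t n, msg_cb cb, void *ctx)
{
    size_t done = 0;
    for (size_t i = 0; i < n; i++) {
        if (data[i] == '\n') {
            if (!f->dropping) {
                f->buf[f->used] = '\0';
                cb(f->buf, f->used, ctx);
                done++;
            }
            f->used = 0;           /* start the next message */
            f->dropping = 0;
        } else if (!f->dropping) {
            if (f->used < MAX_MSG) f->buf[f->used++] = data[i];
            else f->dropping = 1;  /* too long: discard up to the next '\n' */
        }
    }
    return done;
}

/* Collector used by the demo: keeps the last message and a running count. */
struct seen { size_t count; char last[MAX_MSG + 1]; };
void remember(const char *msg, size_t len, void *ctx)
{
    struct seen *s = ctx;
    memcpy(s->last, msg, len + 1); /* len <= MAX_MSG, plus the terminating NUL */
    s->count++;
}

int main(void)
{
    /* Constructed sample: segment 1 holds one full message and half of the next. */
    const char *seg1 = "<13>Mar 17 19:48:00 host app: first\n<13>Mar 17 19:48:01 host app: sec";
    const char *seg2 = "ond\n";
    struct lf_framer f = {0};
    struct seen s = {0};
    lf_feed(&f, seg1, strlen(seg1), remember, &s);
    lf_feed(&f, seg2, strlen(seg2), remember, &s);
    printf("%zu messages, last: %s\n", s.count, s.last);
    return 0;
}
```
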