It does if the source does (check the documentation for file() or syslog() options)I also had a log source that sent related events in separate messages that were interleaved with other messages and ended up using the program() destination to send the logs to a custom handler I wrote.Essentially I had multiple "keys" for incoming email messages that tied events together like:- a single incoming SMTP session (potentially with multiple messages)- a single message ID with multiple events about the message (recipients, attachments, anti-malware, etc)- a single delivery connection (again with multiple messages)- a single delivery message ID again with multiple eventsThe program parsed these in realtime incoming stream, building internal data structures (hash of hashes) and when it looked *complete* (including a timeout) for a particular thing it would send the data across as JSON to the destination (Elasticsearch in this case)So - long answer to your question - Yes - in a few different ways :-)Best,JimOn Sun, Mar 26, 2017 at 10:02 AM, Traiano Welcome <traiano@gmail.com> wrote:HiDoes syslog-ng support multiline log messages?Thanks,Traiano
____________________________________________________________ __________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq