On Tue, 2011-11-08 at 15:02 +0100, Gergely Nagy wrote:
Swati4 M/TVM/TCS <swati4.m@tcs.com> writes:
Hi All,
When logging multiline messages (simple strings with in-line newlines "\n") our logs only show the first line (ie) before "\n" is encountered and rest of the line after the first newline character("\n") is truncated.
The main issue is that the syslog protocol is line-oriented: each line should be prefixed with a syslog-style header. Your logging function doesn't do that, I believe.
This results in syslog-ng not being able to parse the second line.
There are a few options I can think of: one is to modify your application to send each line as a separate log message (but then they'll appear as separate logs on the output aswell, so this might not be a desirable option).
Another option would be to modify your application to NOT send a syslog message header at all, and use flags(no-parse) on the syslog-ng source side, and a custom parser, if you want to turn the message into something syslog-like.
A third option would be to use an intermediate relay (a script, perhaps) that does some heuristics to discover where a message starts, and strips newlines until it finds another message, then sends the previous over to syslog-ng.
The third would be the easiest, but probably the least performant too. It's the only one that doesn't need changes on the application side, though.
There might be other options aswell, but these are the ones I could think of quickly.
Are you using the syslog() API to fire off this event with an embedded NL in it? Or HS_MAP_INFO_LOG() writes messages to a logfile and then you are tailing that with syslog-ng? If the first, then using unix-dgram() as the local log transport may help you get the NLs inside syslog-ng. In that case each and every datagram sent to /dev/log will be logged as a separate message, even if it contains NLs. unix-stream() doesn't work as in unix-stream NL is used as the record terminator. -- Bazsi