Does Syslog-NG Support Multiline Messages
Hi
Does syslog-ng support multiline log messages?
Thanks, Traiano
Yes - it’s also possible to squish multi-line onto a single line if that suits your needs better.
https://www.balabit.com/support/documentation
On Mar 26, 2017, at 10:02 AM, Traiano Welcome <traiano@gmail.com> wrote:
Hi
Does syslog-ng support multiline log messages?
Thanks, Traiano
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Is there a direct link?
On Sun, Mar 26, 2017 at 8:06 PM, Nik Ambrosch <nik@ambrosch.com> wrote:
Yes - it’s also possible to squish multi-line onto a single line if that suits your needs better.
https://www.balabit.com/support/documentation
Open the link I provided, choose your version, and search for multi-line.
On Mar 26, 2017, at 1:48 PM, Traiano Welcome <traiano@gmail.com> wrote:
Is there a direct link ?
It does if the source does (check the documentation for file() or syslog() options)

I also had a log source that sent related events in separate messages that were interleaved with other messages and ended up using the program() destination to send the logs to a custom handler I wrote.

Essentially I had multiple "keys" for incoming email messages that tied events together like:
- a single incoming SMTP session (potentially with multiple messages)
- a single message ID with multiple events about the message (recipients, attachments, anti-malware, etc)
- a single delivery connection (again with multiple messages)
- a single delivery message ID again with multiple events

The program parsed these in realtime incoming stream, building internal data structures (hash of hashes) and when it looked *complete* (including a timeout) for a particular thing it would send the data across as JSON to the destination (Elasticsearch in this case)

So - long answer to your question - Yes - in a few different ways :-)

Best, Jim

On Sun, Mar 26, 2017 at 10:02 AM, Traiano Welcome <traiano@gmail.com> wrote:
Hi
Does syslog-ng support multiline log messages?
Thanks, Traiano
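The correlation approach Jim describes above, as an added example (not his handler and not syslog-ng project code): events are grouped per key and emitted as JSON when a record completes or its key goes idle past a timeout. The line format `key event [detail]`, the `done` end marker, and the name `Correlator` are assumptions made for illustration.

```python
import json
import sys
import time

# Constructed sample lines (not real logs): two message IDs interleaved.
SAMPLE = ["msgA recipient alice@example.test", "msgB recipient bob@example.test",
          "msgA antimalware clean", "msgA done"]

class Correlator:
    """Group interleaved events by key; emit a record when the key's final
    event arrives or when the key has been idle for `timeout` seconds."""

    def __init__(self, timeout=30.0, final_event="done"):
        self.timeout = timeout
        self.final_event = final_event  # assumed end-of-record marker
        self.pending = {}               # key -> partial record (hash of hashes)

    def feed(self, line, now):
        """Consume one line, return the list of records finished by it."""
        finished = self.expire(now)
        parts = line.strip().split(" ", 2)   # assumed format: key event [detail]
        if len(parts) < 2:
            return finished                  # not correlatable; ignored here
        key, event = parts[0], parts[1]
        detail = parts[2] if len(parts) == 3 else None
        rec = self.pending.setdefault(
            key, {"key": key, "events": [], "complete": False})
        rec["last_seen"] = now
        rec["events"].append({"event": event, "detail": detail})
        if event == self.final_event:
            rec["complete"] = True
            finished.append(self._pop(key))
        return finished

    def expire(self, now):
        """Flush keys idle past the timeout so state cannot grow unbounded."""
        stale = [k for k, r in self.pending.items()
                 if now - r["last_seen"] >= self.timeout]
        return [self._pop(k) for k in stale]

    def _pop(self, key):
        rec = self.pending.pop(key)
        del rec["last_seen"]
        return rec

if __name__ == "__main__":
    # syslog-ng's program() destination writes messages to our stdin.
    c = Correlator()
    for line in sys.stdin:
        for rec in c.feed(line, time.monotonic()):
            print(json.dumps(rec), flush=True)
    for rec in c.expire(float("inf")):       # flush leftovers at EOF
        print(json.dumps(rec), flush=True)
```

The timeout is only evaluated when a new line arrives, so on a quiet stream an incomplete record waits for the next message or EOF before it is flushed.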
There's also grouping-by() for your use case for aggregating multiple messages into a single one.
On Mar 26, 2017 19:55, "Jim Hendrick" <james.r.hendrick@gmail.com> wrote:
It does if the source does (check the documentation for file() or syslog() options)
I also had a log source that sent related events in separate messages that were interleaved with other messages and ended up using the program() destination to send the logs to a custom handler I wrote.
Essentially I had multiple "keys" for incoming email messages that tied events together like:
- a single incoming SMTP session (potentially with multiple messages)
- a single message ID with multiple events about the message (recipients, attachments, anti-malware, etc)
- a single delivery connection (again with multiple messages)
- a single delivery message ID again with multiple events
The program parsed these in realtime incoming stream, building internal data structures (hash of hashes) and when it looked *complete* (including a timeout) for a particular thing it would send the data across as JSON to the destination (Elasticsearch in this case)
So - long answer to your question - Yes - in a few different ways :-)
Best, Jim
participants (4)
- Jim Hendrick
- Nik Ambrosch
- Scheidler, Balázs
- Traiano Welcome