Hello everyone,

I've set up a Linux box with syslog-ng 1.5.24 running. It is configured, that it puts all syslog-messages from other Unix hosts in the network via the "template" function as a SQL-Statement into a pipe. This pipe is read by a mysql-Client that writes everything into the MySQL-database.

Everything works fine, until I try to stress the system using a tool, that sends corrupt syslog-messages to the Syslog-ng-Server. The result is, that these "corrupt" messages are not written into the database (that's OK; I don't want them there...). But the problem is that syslog-messages arriving a little time before or after the corrupt ones will also not be put into the database, because the fragments of the corrupt SQL-statements that are built out of the corrupt messages also damage the "good ones".

So my question: Is there any possibility to filter messages that are corrupt or don't match RFC 3164 via the "filter"-function of syslog-ng? Or does anybody of you know a different solution?

Much thanks in advance,
Sebastian Meinecke
On Thu, Apr 24, 2003 at 04:18:45PM +0200, Meinecke, Sebastian wrote:
Hello everyone,
I've set up a Linux box with syslog-ng 1.5.24 running. It is configured, that it puts all syslog-messages from other Unix hosts in the network via the "template" function as a SQL-Statement into a pipe. This pipe is read by a mysql-Client that writes everything into the MySQL-database.
Everything works fine, until I try to stress the system using a tool, that sends corrupt syslog-messages to the Syslog-ng-Server. The result is, that these "corrupt" messages are not written into the database (that's OK; I don't want them there...). But the problem is that syslog-messages arriving a little time before or after the corrupt ones will also not be put into the database, because the fragments of the corrupt SQL-statements that are built out of the corrupt messages also damage the "good ones".
So my question: Is there any possibility to filter messages that are corrupt or don't match RFC 3164 via the "filter"-function of syslog-ng? Or does anybody of you know a different solution?

there were some line reassembling problems in earlier 1.5.x versions. you might try to upgrade first and check whether that version also has some problems. (the latest snapshots of 1.6.0rc2 should be ok)

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1

participants (2)
- Balazs Scheidler
- Meinecke, Sebastian
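
A filter placed between the pipe and the mysql client can drop lines that do not have the RFC 3164 shape and encode the rest so that message content cannot break the statement it is embedded in. This is an added example, not code from the thread or from syslog-ng; it assumes the template is changed to write the raw message line (with its `<PRI>` prefix) instead of SQL, and the table `logs` and its columns are hypothetical.

```python
import re

# RFC 3164 shape: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG (day is space-padded)
RFC3164 = re.compile(
    r"<(\d{1,3})>"
    r"((?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
    r" (?: [1-9]|[12]\d|3[01]) (?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d)"
    r" ([A-Za-z0-9._-]{1,255})"
    r" ([\x20-\x7e]*)"  # printable ASCII only: no newlines or control bytes
)
MAX_LEN = 1024  # RFC 3164 limit on total packet length


def parse_rfc3164(raw: bytes):
    """Return (pri, timestamp, host, msg), or None if the line is malformed."""
    if len(raw) > MAX_LEN:
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    m = RFC3164.fullmatch(text)
    if m is None or int(m.group(1)) > 191:  # PRI = facility * 8 + severity
        return None
    return int(m.group(1)), m.group(2), m.group(3), m.group(4)


def hexlit(s: str) -> str:
    """Encode a string as a MySQL hex literal; no input byte can close it."""
    return "X'" + s.encode("ascii").hex() + "'"


def to_sql(raw: bytes):
    """Build one complete INSERT per valid line; None means drop the line."""
    rec = parse_rfc3164(raw)
    if rec is None:
        return None
    pri, ts, host, msg = rec
    # Hypothetical table and column names.
    return ("INSERT INTO logs (pri, stamp, host, msg) VALUES (%d, %s, %s, %s);"
            % (pri, hexlit(ts), hexlit(host), hexlit(msg)))


if __name__ == "__main__":
    # Constructed samples: one valid line with quotes, one corrupt line.
    for raw in (b"<34>Oct 11 22:14:15 mymachine su: 'su root' failed",
                b"<999>garbage'); --"):
        print(to_sql(raw) or "-- dropped malformed line")
```

Each output line is a complete statement, so a rejected message cannot leave a fragment behind that swallows its neighbours.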