bug report: unparsable UDP syslog message
Hi,

First of all I'd like to say I'm impressed by syslog-ng. I think this is a great software: powerful, configurable and elegant. Thanks for making it free software! That said, I hope a little bug report can improve the thing.. :)

Context: I'm using a syslog plugin written for the log4j package (java logging) to send syslog messages to a central log host (syslog-ng 1.6.0rc3).

There is one case where some messages are not properly read by syslog-ng, and which trigger "unparsable log message" errors, though they seem to be properly formed syslog messages.

The precise packets triggering this case [tcpdump and ethereal helped me a lot here] are UDP syslog packets which are not terminated by a NULL byte, but which contain one or many NEWLINE bytes inside the message, and after some of those NEWLINES we find a '<' character (actually because log4j is used to dump some xml formatted data):

    <xx>javaProgram: here is the dump:\n<xml stuff>\n<foo/></xml>

The same UDP datagram with a NULL byte in the end doesn't trigger the "unparseable log message" error.

The code in src/sources.c (lines 112-120) seems to use the first newline char as the end of line if it doesn't find a '\0', even if this newline char is not the end of our packet. This makes the < of '<xml' be seen as the start of a syslog message, and syslog-ng then tries to interpret '<xml stuff>' as a syslog standard prefix, which of course fails, so we got this "unparseable log message" error. At least, that's what I would conclude, but I'm not a C expert, nor very knowledgeable about syslog-ng.

If I read the RFC well, not terminating a syslog message by a NULL byte is fine, so I would say this is a syslog-ng bug.

I hope the information provided can help you correct this bug.

Cheers,

-Thomas

PS: this report was already sent a few days ago, but I wasn't subscribed at the time, and the mail was moderated/filtered, and hasn't reached the list yet...

--
== Thomas Morin
== PGP Id:8CEA233D Key FP:503BF6CFD3AE8719377B832A02FB94E08CEA233D
--
Quote Thomas Morin <thomas.morin@ago.fr>:

| The precise packets triggering this case [tcpdump and ethereal helped me a
| lot here] are UDP syslog packets which are not terminated by a NULL byte,
| but which contain one or many NEWLINE bytes inside the message, and after
| some of those NEWLINES we find a '<' character (actually because log4j is
| used to dump some xml formatted data) :
|
| <xx>javaProgram: here is the dump:\n<xml stuff>\n<foo/></xml>
|
| The same UDP datagram with a NULL byte in the end doesn't trigger the
| "unparseable log message" error.

I actually have another case where this happens: if the UDP syslog message size exceeds the configured log_msg_size, then the same problem happens: message boundaries are not well understood by syslog-ng, and if a "<" appears after a newline, an "unparseable log message" error is triggered.

Regards,

-Thomas

--
== Thomas Morin
== Consulting Engineer, Atlantide - www.ago.fr - thomas.morin@ago.fr
== PGP Id:8CEA233D Key FP:503BF6CFD3AE8719377B832A02FB94E08CEA233D
--
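
Added example, not part of the original posts and not syslog-ng's code: a simplified C model of the framing the first report describes (a record ends at the first NUL if there is one, otherwise at the first newline), next to framing that treats the whole UDP payload as one record. The function names, the priority value 14 and the sample payload are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample payload (priority 14 is made up); the wire form has no trailing NUL. */
static const char SAMPLE[] = "<14>javaProgram: here is the dump:\n<xml stuff>\n<foo/></xml>";

/* 1 if rec starts with a syslog priority prefix: '<', one to three digits, '>'. */
static int has_pri(const char *rec, size_t len) {
    size_t i = 1;
    if (len < 3 || rec[0] != '<') return 0;
    while (i < len && i <= 3 && isdigit((unsigned char)rec[i])) i++;
    return i > 1 && i < len && rec[i] == '>';
}

/* Model of the reported framing: a record ends at the first NUL if the buffer
   has one, otherwise at the first newline. Returns the number of records and
   sets *bad to how many of them lack a priority prefix. */
size_t frame_nul_or_newline(const char *buf, size_t len, size_t *bad) {
    size_t n = 0;
    *bad = 0;
    while (len > 0) {
        const char *end = memchr(buf, '\0', len);
        if (!end) end = memchr(buf, '\n', len);
        size_t rec = end ? (size_t)(end - buf) : len;
        if (rec > 0) { n++; *bad += !has_pri(buf, rec); }
        if (!end) break;
        buf += rec + 1; len -= rec + 1;   /* skip the record and its terminator */
    }
    return n;
}

/* Datagram framing: the whole payload is one record; only trailing NUL or
   newline bytes are trimmed. Returns the record length, sets *ok from has_pri. */
size_t frame_datagram(const char *buf, size_t len, int *ok) {
    while (len > 0 && (buf[len - 1] == '\0' || buf[len - 1] == '\n')) len--;
    *ok = has_pri(buf, len);
    return len;
}

int main(void) {
    size_t bad, wire = sizeof SAMPLE - 1;      /* payload length on the wire */
    int ok;
    size_t n = frame_nul_or_newline(SAMPLE, wire, &bad);
    size_t one = frame_datagram(SAMPLE, wire, &ok);
    printf("NUL-or-newline: %zu records, %zu without <PRI>\n", n, bad);
    printf("datagram: one record of %zu bytes, <PRI> ok=%d\n", one, ok);
    return 0;
}
```

Passing `sizeof SAMPLE` instead of `sizeof SAMPLE - 1` includes the C string's NUL, which models the NUL-terminated datagram from the report: the first function then returns a single record with a valid prefix.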