[syslog-ng] Filter for corrupt syslog-messages?

Meinecke, Sebastian syslog-ng@lists.balabit.hu
Thu, 24 Apr 2003 16:18:45 +0200


Hello everyone,

I've set up a Linux box with syslog-ng 1.5.24 running. It is configured,
that it puts all syslog-messages from other Unix hosts in the network via
the "template" function as a SQL-Statement into a pipe. This pipe is read
by a mysql-Client that writes everything into the MySQL-database.


Everything works fine, until I try to stress the system using a tool, that
sends corrupt syslog-messages to the Syslog-ng-Server. The result is, that
these "corrupt" messages are not written into the database (that's OK; I
don't want them there...). But the problem is that syslog-messages arriving
a little time before or after the corrupt ones will also not be put into
the database, because the fragments of the corrupt SQL-statements that are
built out of the corrupt messages also damage the "good ones".


So my question: Is there any possibility to filter messages that are corrupt
or don't match RFC 3164 via the "filter"-function of syslog-ng?
Or does anybody of you know a different solution?

Much thanks in advance,

Sebastian Meinecke