[syslog-ng]Filtering Large Syslog Messages
Balazs Scheidler
bazsi@balabit.hu
Thu, 30 Jan 2003 09:54:28 +0100
On Wed, Jan 29, 2003 at 02:19:26PM -0500, Brian E. Seppanen wrote:
> Hi Folks:
>
> I have snmptrapd running so that any trap that it receives should be
> logged to local1. I have a filter taking anything received via local1
> to a specific file
>
> filter snmptrap {facility(local1);};
> destination snmptraps { file("/var/log/snmptraps";};
>
> Unfortunately a number of traps are getting cut off at a specific
> point, and the remainder of the trap ends up in syslog and not in the
> proper destination.
>
> I'm running syslog-ng 1.4.17, libol 0.2.24, redhat linux 7.2
syslog defaults to 1024 byte long messages, but this value is tunable in
syslog-ng 1.5 where you can set it to a higher value.
options { log_msg_size(8192); };
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1