[syslog-ng]Re: messages with newlines

[Dmitry Frolov]

Hello,

I found that problem described only occurs if udp packet does not end with \0.
This id little test for it:

#!/usr/bin/perl -w
use strict;
use IO::Socket::INET;

my @msg = ( "<30>Jan 31 13:51:30 Yadda yadda [12345]: Time to die.\ndie now!\n\0",
            "<30>Jan 31 13:51:30 Yadda yadda [12345]: Time to die.\ndie now!\n",
            "<30>Yadda yadda [12345]: Time to die.\ndie now!\n\0" );

my $sock = IO::Socket::INET->new(PeerAddr => 'localhost',
        PeerPort => 514, Proto => 'udp');

foreach (@msg) {
        $sock->send($_);
        $sock->flush();
        sleep(1);
}


Results are following:

1. Message not splitted
Jan 31 13:51:30 localhost yadda[12345]: Time to die. die now!

2. No \0 at the end - message is splitted
Jan 31 13:51:30 localhost yadda[12345]: Time to die.
Jan 31 16:06:09 localhost die now!

3. No timestamp in packet - program name becomes correct
Jan 31 16:06:10 localhost Yadda yadda[12345]: Time to die. die now!

Hope this helps...

On Fri, Jan 31, 2003 at 02:05:36PM +0300, Dmitry Frolov wrote:
> 
> I encountered some problems with syslog-ng 1.5.25, while trying to
> separate logs by program name.
> Our developers often use multiline log messages, stack traces for example.
> The problem is that when multiline message received via network (udp) it is logged
> as several lines, and only first line has program name in it.
> So, when i configure 'program' filter, it only catches first line.

-- 
Dmitry Frolov, Zenon N.S.P. (095) 250-4629, http://www.zenon.net/