[syslog-ng] Syslog-ng Event Parsing Question
Balazs Scheidler
bazsi at balabit.hu
Fri Aug 12 10:38:10 CEST 2005
On Thu, 2005-08-11 at 20:42 -0500, Stringfellow, William G wrote:
> I am running syslog-ng version 1.6.4 in place of syslogd on Solaris 8.
>
> Getting the following results when receiving syslog events with an
> embedded dash '-':
>
> Actual Event
>
> Aug 10 04:15:22 <Device Name A>.<Domain Name> 4844: Aug 10
> 05:15:21.204 R: %AAA-3-BUFFER_OVERFLOW: Radius I/O buffer has
> overflowed -Traceback= 253274 253414 252B98 2524FC E97CC E75D4 E9974
> 124DDC
>
> Shows up in Syslog log as
>
> Aug 10 04:15:22 <Device Name A>.<Domain Name> 4844: Aug 10
> 05:15:21.204 R: %AAA-3-BUFFER_OVERFLOW: Radius I/O buffer has
> overflowed
>
> Aug 10 04:15:22 <Device Name A>.<Domain Name> 4845: -Traceback= 253274
> 253414 252B98 2524FC E97CC E75D4 E9974 124DDC
Probably it is not the dash but a newline before the dash. If you are
receiving these messages via UDP, then recent syslog-ngs should not care
about embedded newlines, so your message should be on a single line.
--
Bazsi
More information about the syslog-ng
mailing list