[syslog-ng] Messages concatenated on one line in log file.

Evan Rempel erempel at uvic.ca
Sat Sep 2 01:28:45 CEST 2006 

Is syslong-ng running on the host that produced these messages.
I have a number of hosts running standard syslog, that send thier 
messages to a sylog-ng server, a standard syslog server, and log to 
local files (don't ask why we do all three :-)

The source server that is running standard syslog software seems to 
generate the concatenated messages because the end up in the local 
files, in the standard syslog server, and in the syslong-ng server.


As soon as I replace the standard syslog software on the source server 
with syslog-ng (I am running 1.6 series) this problem goes away.

Evan.

G.W. Haywood wrote:
> Hi folks,
> 
> Using 2.0rc1 I find lines like this in /var/log/messages:
> 
> Sep  1 22:18:32 mail3 	by lists.balabit.hu (Postfix) with ESMTP id 83E8A4C117
> Sep  1 22:18:32 mail3 	for <ged at jubileegroup.co.uk>; Fri,  1 Sep 2006 23:18:17 +0200 (CEST)')<31>Sep  1 22:18:32 milter-regex[20073]: 212.92.18.33: cb_header('MIME-Version', '1.0')
> Sep  1 22:18:32 mail3 	<syslog-ng.lists.balabit.hu>')<31>Sep  1 22:18:32 milter-regex[20073]: 212.92.18.33: cb_header('X-List-Administrivia', 'yes')
> 
> Sorry if the three lines above wrap for you.  I haven't attempted to
> break them.  They are imported using an editor, not copy-n-paste, so
> that non-printing characters are reproduced correctly in the mail.
> Each line above has a tab character after the string "mail3 ", which
> is the hostname followed by a single space.
> 
> There are two problems.  First, these lines shouldn't be written to
> this log at all.  Second, some of the lines are being concatenated
> onto a single line instead of being written to two lines.  Instead of
> three lines above, there should have been five lines.  The <facility,
> priority> info is visible at the points where the lines are joined.
> 
> The lines that you see here are produced by a sendmail milter called
> 'milter-regex' which is supposed to be logging with facility 'daemon'
> and according to the syslog-ng configuration messages from this milter
> should not appear in the 'messages' file at all.  Most of them don't
> (milter-regex is producing a _lot_ of output), but mail message header
> continuation lines do.  A log message following a header continuation
> line is concatenated to it, and the filter doesn't seem to notice it.
> The lines that incorrectly appear in 'messages' do not appear in the
> correct file, which is 'mail.milter-regex' in the config below.
> 
> Any ideas?
> 
> --
> 
> 73,
> Ged.
> 
> ===========================================================================
> # Relevant extracts from configuration:
> ===========================================================================
> options {long_hostnames(off);sync(0);perm(0640);stats(3600);mark_freq(0);};
> source src { internal(); unix-dgram("/dev/log"); };
> ...
> # output from milter-regex is facility daemon
> filter f_mailmrx     { facility(daemon); };
> # facility daemon should not go to 'messages'
> filter f_messages    { not facility(news, mail, daemon) and not ...  };
> # most facility daemon messages are correctly written to 'mail.milter-regex'
> destination mailmrx  { file("/var/log/mail.milter-regex"); };
> # but some make it to 'messages'
> destination messages { file("/var/log/messages");          };
> ...
> log { source(src); filter(f_mailmrx);    destination(mailmrx);   };
> log { source(src); filter(f_messages);   destination(messages);  };
> ...
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>

More information about the syslog-ng mailing list