[syslog-ng] cisco tcp syslog weirdness/merkwuerdigkeit

Balazs Scheidler bazsi at balabit.hu
Wed Aug 22 15:35:36 CEST 2007


On Wed, 2007-08-22 at 08:21 -0400, Blurry wrote:
> Here is a sample, first some nice ones
> 
> Jul 25 13:43:04 144.49.126.22/144.49.126.22 GET
> Jul 25 13:43:07 144.49.126.22/144.49.126.22 HELLO
> Jul 25 13:43:13 144.49.126.22/144.49.126.22 quit
> 
> then
> 
> Aug 20 09:59:13 tcpgateway at thishost syslog-ng[12107]: Message length
> overflow, line is split, log_msg_size=8192
> Aug 20 10:27:53 router01/router01 ernet1/0<191>11463: Aug 20
> 10:25:52.617 EDT: OSPF: rcv. v:2 t:1 l:48
> rid:144.63.255.232<191>11464: aid:144.1.0.0 chk:0 aut:2 keyid:1
> seq:0xC64274 from FastEthernet1/0<191>11465: Aug 20 10:26:02.617 EDT:
> OSPF: rcv. v:2 t:1 l:48 rid:144.63.255.232<191>11466:       aid:
> 144.1.0.0 chk:0 aut:2 keyid:1 seq:0xC64276 from
> FastEthernet1/0<191>11467: Aug 20 10:26:12.625 EDT: OSPF: rcv. v:2 t:1
> l:48 rid:144.63.255.232<191>11468:        aid:144.1.0.0 chk:0 aut:2
> keyid:1 seq:0xC64278 from FastEthernet1/0<191>11469: Aug 20
> 10:26:22.625 EDT: OSPF: rcv. v:2 t:1 l:48
> rid:144.63.255.232<191>11470:          aid:14.1.0.0 chk:0 aut:2
> keyid:1 seq:0xC6427A from
> 
> and continues on for a very long time on one line and then cuts off.
> There doesn't seem to be a field sep that I can tell in the file. I
> will try a tcpdump also.

A tcpdump would be helpful, as syslog-ng might filter out some
characters as it writes to the output.

If there's no line termination, then I'm afraid I cannot help here. The
message itself can contain <NNN> sequences, so I can't split lines
there.

-- 
Bazsi
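
The framing problem discussed in this message, as an added example that is not part of the original post and is not syslog-ng's own code. It assumes a simplified receiver that frames a TCP stream on LF with a size cap (8192 taken from the quoted warning); the function names and sample bytes are constructed for illustration.

```python
import re

LOG_MSG_SIZE = 8192  # log_msg_size value from the quoted overflow warning


def split_stream(chunks, max_size=LOG_MSG_SIZE):
    """Frame a TCP byte stream into messages on LF (simplified model).

    Returns (messages, overflow_splits). If max_size bytes accumulate
    without an LF, the buffer is cut at max_size and counted as an
    overflow. An unterminated tail shorter than max_size stays buffered.
    """
    buf = b""
    messages, overflows = [], 0
    for chunk in chunks:
        buf += chunk
        while True:
            nl = buf.find(b"\n", 0, max_size)
            if nl != -1:                      # normal case: terminator seen
                messages.append(buf[:nl])
                buf = buf[nl + 1:]
            elif len(buf) >= max_size:        # no terminator: forced split
                messages.append(buf[:max_size])
                buf = buf[max_size:]
                overflows += 1
            else:
                break                         # wait for more data
    return messages, overflows


PRI = re.compile(rb"<\d{1,3}>")


def split_on_pri(data):
    """Naive split before every <NNN>; shows why this is not a safe delimiter."""
    starts = [m.start() for m in PRI.finditer(data)]
    if not starts or starts[0] != 0:
        starts.insert(0, 0)
    return [data[a:b] for a, b in zip(starts, starts[1:] + [len(data)])]


if __name__ == "__main__":
    # Constructed samples, modelled on the quoted router output.
    ok = [b"<191>11463: OSPF: rcv. v:2\n<191>", b"11464: aid:144.1.0.0\n"]
    print(split_stream(ok))                    # two messages, no overflow
    bad = [b"<191>11463: OSPF: rcv. v:2 t:1 l:48" * 300]  # no LF at all
    msgs, n = split_stream(bad)
    print(len(msgs), len(msgs[0]), n)          # cut at the size cap
    # One message whose body happens to contain a <NNN> sequence:
    print(split_on_pri(b"<191>11465: peer sent <13> in body"))
```

A sender that omits the terminator produces one ever-growing line that is only cut at the size cap, and the last call shows a single message being torn in two when `<NNN>` is treated as a boundary.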


