[syslog-ng]
Message length overflow, line is split, log_msg_size=2048
Kalin KOZHUHAROV
kalin.kozhuharov at jp.adecco.com
Fri Feb 2 06:27:48 CET 2007
Hi there,
For some time I am running syslog-ng as a backend mostly for snare agents on windoze.
I get the following in the log from time to time:
Jan 28 00:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
Jan 28 12:01:33 svn01 syslog-ng[12377]: Message length overflow, line is split, log_msg_size=2048
Jan 28 12:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
Jan 29 00:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
Jan 29 12:00:01 svn01 syslog-ng[12377]: Message length overflow, line is split, log_msg_size=2048
Jan 29 12:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
Jan 30 00:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
Jan 30 12:00:00 svn01 syslog-ng[12377]: Message length overflow, line is split, log_msg_size=2048
Jan 30 12:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
Jan 31 00:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
Jan 31 12:00:01 svn01 syslog-ng[12377]: Message length overflow, line is split, log_msg_size=2048
Jan 31 12:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
Feb 1 00:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
Feb 1 12:01:40 svn01 syslog-ng[12377]: Message length overflow, line is split, log_msg_size=2048
Feb 1 12:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
Feb 2 00:12:26 svn01 syslog-ng[12377]: STATS: dropped 0
Feb 2 12:02:20 svn01 syslog-ng[12377]: Message length overflow, line is split, log_msg_size=2048
Feb 2 12:12:26 svn01 syslog-ng[12377]: STATS: dropped 0
What does this "Message length overflow" ?
How can I find/log who(=pid or IP) is sending long messages?
Shall I increase log_msg_size? How?
I am using syslog-ng-1.6.9 on Gentoo linux.
The global part of the config:
### {{{ global options
options
{
# hostname setup
chain_hostnames(no);
keep_hostname(no);
use_dns(no);
dns_cache(no);
sync(0);
stats(43200);
create_dirs(yes);
dir_owner(root); dir_group(logop); dir_perm(0750);
owner(root); group(logop); perm(0640);
};
### global options }}}
Some other bits-n-pieces:
source s_network { udp(); };
destination d_ext_by_hosts_ALL
{ file("/var/log/syslog-ng/raw/remote/$YEAR-$MONTH-$DAY/$HOST/ALL"
template("$ISODATE $HOST <$FACILITY.$LEVEL> $MSG\n")
template_escape(no) );
};
log
{
source(s_network);
destination(d_ext_by_hosts_ALL);
};
Googling found only this unanswered mail from this ML:
https://lists.balabit.hu/pipermail/syslog-ng/2005-December/008248.html
Kalin.
--
| A |
| D |
| J |
| P |
More information about the syslog-ng
mailing list