[syslog-ng] Message length overflow, line is split, log_msg_size=2048

[Kalin KOZHUHAROV]

Thank you for the quick response!

Balazs Scheidler wrote:
> On Fri, 2007-02-02 at 14:27 +0900, Kalin KOZHUHAROV wrote:
>> Hi there,
>>
>> For some time I am running syslog-ng as a backend mostly for snare agents on windoze.
>>
>> I get the following in the log from time to time:
>> Jan 28 00:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
>> Jan 28 12:01:33 svn01 syslog-ng[12377]: Message length overflow, line is split, log_msg_size=2048
>> Jan 28 12:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
>> Jan 29 00:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
[snip]
>> Feb  1 12:01:40 svn01 syslog-ng[12377]: Message length overflow, line is split, log_msg_size=2048
>> Feb  1 12:12:25 svn01 syslog-ng[12377]: STATS: dropped 0
>> Feb  2 00:12:26 svn01 syslog-ng[12377]: STATS: dropped 0
>> Feb  2 12:02:20 svn01 syslog-ng[12377]: Message length overflow, line is split, log_msg_size=2048
>> Feb  2 12:12:26 svn01 syslog-ng[12377]: STATS: dropped 0
>>
>> What does this "Message length overflow" ?
>> How can I find/log who(=pid or IP) is sending long messages?
> 
> check the logs in your output files that match the timestamp of the
> "message length overflow" message. if you have internal() and normal
> messages in a single file, then the split line is right next to the
> "message length overflow" line.
Well, there is nothing wrong around these lines (nothing looks truncated)
in all the output files and the longest MSG is about 400 characters.
Hmm, that is UTF-8 which means... up to 400x3 = 1200bytes, but still less than 2048.

>> Shall I increase log_msg_size? 
> 
> it's your call. if you don't mind to have garbled messages in your log,
> then not necessarily. increasing log_msg_size() increases memory usage.
> 
>> How?
> 
> log_msg_size() global option.
I just set "log_msg_size(4096);" and will see. The time is a bit after
some cron jobs start around noon, but as I said no message seems to be truncated.

Kalin.
-- 
| A |
| D |
| J |
| P |