[syslog-ng] Problems with short messages
Marc Wiatrowski
mwia at iglass.net
Fri Feb 8 20:19:55 CET 2008
On Fri, 2008-02-08 at 14:11 -0500, Guy Fleegman wrote:
> Hello:
> We have a system that sends messages to syslog-ng (Latest version
> 2.0.8..but this has occurred on all 2.x versions so far)
>
> This is what is happening.... An application has a message that us too
> long for syslog.. .so it breaks the message into 2 separate syslog
> messages. The first one is a length seen in wireshark of 1066 bytes.
>
> The second packet is either 69 or 70 bytes and it it simply the
> leftover characters 0/n/n
>
> The problem is that the filter in my syslog-ng.conf file is not
> catching the second smaller messages Instead of going to the file i
> direct it to. It goes to the default file (which i do not want)
>
> What is causing this packet to not be processed by my filter? Attached
> is a copy of the relevant syslog-ng.conf data as well as the actual
> wireshark trace information
>
> Please advise and thanks !
> -Chris
Have you played with the log_msg_size() option?
More information about the syslog-ng
mailing list