[syslog-ng] Problems with short messages
Guy Fleegman
network.monger at gmail.com
Wed Feb 13 15:12:49 CET 2008
I see what you are saying...
I don't think the length of a packet either 1024 or 69 bytes in length
is causing the problem.
The problem is that the second frame (the 69 byte one) is not going
to the appropriate file.
It is going to the default "catch all" file instead of the one it should be.
If you look at the actual packet code... I believe the applications
part of the header is missing on the 69 byte packet.
Would this cause syslog-ng to dump the packet into the default catch
all file as opposed to the one specified by IP?
Please advise and thanks,
Chris
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Balazs
Scheidler
Sent: Monday, February 11, 2008 4:04 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Problems with short messages
On Sun, 2008-02-10 at 08:03 -0500, Guy Fleegman wrote:
> The first packet is only 1066 bytes long... and the second one is 69.
> I thought that the default log msg size was 8192...so i was not
> thinking that adjusting that in either direction would make a
> difference.... should it?
If it's over your desired length, then you don't need to adjust that.
The problem is that if you're using the UDP transport, messages
terminated by the datagram borders, e.g. each message is a separate
frame.
Syslog-ng will happily process UDP frames over 1024 bytes (even thought
the RFC says that's the limit), so change the sender to send it out with
a single frame.
--
Bazsi
More information about the syslog-ng
mailing list