[syslog-ng] Multi-line Logs
jrhendri at maine.rr.com
Thu Jul 3 17:00:57 CEST 2008
Hi,
I have been following this thread somewhat. I am facing a similar problem with how to handle logs from OpenVMS OPCOM messages. They are also multi-line.
We are having a forwarder written for the VMS side that will send these messages across (still looking at TCP v. UDP and whether or not to place syslog headers in the messages).
The goal is to be able to (at minimum) retain them on the NG box (for log retention) and also forward them as-is to a remote system (for processing by a security operations center).
Currently, one possibility we are considering is to send the messages as UDP without stripping out the newlines (essentially defining a terminal that will receive the messages, and tying this to an outbound UDP socket pointed at the NG logserver).
If you have any thoughts/suggestions, I would appreciate hearing them. If not, I apologize for wasting bandwidth :-)
Thanks!!
Jim Hendrick
GCFW, GCIA, GCIH, GCWN, GCUX
jrhendri at maine.rr.com