[syslog-ng] syslog-ng 3.0 seem to chop some of the long lines off

Joe Hansen yrmf250 at yahoo.com
Fri Jun 19 23:32:26 CEST 2009 

The application is custom in-house.  I'm really not sure what RFC they've followed.  However your suggestion about using 'no-multi-line' seems to have take care of the split lines.

Thanks,
Jo

--- On Fri, 6/19/09, Balazs Scheidler <bazsi at balabit.hu> wrote:

From: Balazs Scheidler <bazsi at balabit.hu>
Subject: Re: [syslog-ng] syslog-ng 3.0 seem to chop some of the long lines off
To: "Syslog-ng users' and developers' mailing list" <syslog-ng at lists.balabit.hu>
Received: Friday, June 19, 2009, 4:38 AM

On Wed, 2009-06-17 at 12:10 -0700, Joe Hansen wrote:
> We're seeing lines in /var/log/messages that are chopped off.  They
> should look like this:
> 
> [Contents removed]
> 
> Anyone seen this?
> 
> Thanks
> 
> 
> 

Well, can you tell us a little bit more on your configuration? What
protocol do you use on the source side? Do you happen to use the new
RFC5424 style protocol, or the legacy one?

What is generating those messages, can you show us a tcpdump/strace
snippet that shows how that frame is travelling the network?

Also, syslog-ng 3.0 does not remove embedded NL characters by default,
maybe the rest of the message continues on the next line?

You can reenable the previous behaviour by using the 'no-multi-line'
flag for your source or destination (e.g. you can change the multi-line
handling not just for a given source, but also handle the same message
differently in different destinations).

-- 
Bazsi


______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html




      __________________________________________________________________
Get a sneak peak at messages with a handy reading pane with All new Yahoo! Mail: http://ca.promos.yahoo.com/newmail/overview2/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090619/966c5b75/attachment-0001.htm

More information about the syslog-ng mailing list