[syslog-ng] Multiple syslog messages in one tcp packet

Patrick H. syslogng at feystorm.net
Tue Oct 12 00:27:59 CEST 2010


What you might try is to create a filter that takes all incoming data on 
the tcp socket, replaces ^M with \n, and then pipes it back into another 
source driver (socket, pipe, whatever) for syslog-ng to process again, 
but without the filter expression (^M is probably \r as that's what most 
editors will display \r as).
I'm not sure if that'll work, but I think it should.

-Patrick

Sent: Mon Oct 11 2010 15:48:53 GMT-0600 (Mountain Daylight Time)
From: Lee, Steve <steve.lee at emory.edu>
To: Syslog-ng users' and developers' mailing list 
<syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Multiple syslog messages in one tcp packet
> I’ve got a Windows syslog client (from Q1 Labs) that wants to send multiple syslog messages within a single tcp packet to syslog-ng. The messages file on the syslog-ng side looks like this (Note the “^M<13>” separating the individual messages):
>
> [user] [notice] Oct 11 16:25:05 10.40.3.16 10.40.3.16 ation_logfile.txt Payload=server.Emory.Edu, The Operations Manager agent processes are using too much processor time SEVERITY:2 STATE: New; Custom Oct 11 15:15:58^M<13>Oct 11 15:17:58 server2.emory.edu AgentDevice=FileForwarder        AgentLogFile=logfile.txt    Payload=Microsoft.SystemCenter.AgentWatchersGroup, Health Service Heartbeat Failure SEVERITY:2 STATE: New; StateCollection Oct 11 15:17:58^M<13>Oct 11 15:19:58 server2.emory.edu AgentDevice=FileForwarder        AgentLogFile= logfile.txt    Payload=Microsoft.SystemCenter.AgentWatchersGroup, Health Service Heartbeat Failure SEVERITY:2 STATE: Closed; StateCollection Oct 11 15:19:58^M
>
> Is it possible to configure syslog-ng to separate the messages out into individual ones like these?
>
> [user] [notice] Oct 11 16:25:05 10.40.3.16 10.40.3.16 ation_logfile.txt Payload=server.Emory.Edu, The Operations Manager agent processes are using too much processor time SEVERITY:2 STATE: New; Custom Oct 11 15:15:58
> [user] [notice] Oct 11 15:17:58 server2.emory.edu AgentDevice=FileForwarder        AgentLogFile=logfile.txt    Payload=Microsoft.SystemCenter.AgentWatchersGroup, Health Service Heartbeat Failure SEVERITY:2 STATE: New; StateCollection Oct 11 15:17:58
> [user] [notice] Oct 11 15:19:58 server2.emory.edu AgentDevice=FileForwarder        AgentLogFile= logfile.txt    Payload=Microsoft.SystemCenter.AgentWatchersGroup, Health Service Heartbeat Failure SEVERITY:2 STATE: Closed; StateCollection Oct 11 15:19:58
>
> I am using the syslog-ng ose client version 3.0.3.
>
> Thanks.
>
> Steve
>
> -------------
> Steve Lee
> Technical Operations Center
> University Technology Services
> Emory University
> -------------
>
>
>   
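
The re-framing step suggested in the reply above (turn each ^M into \n before syslog-ng parses the stream), written out as an added example; it is not code from the thread or from syslog-ng. The class and function names, the 8192-byte cap and the sample messages are assumptions constructed for illustration.

```python
import re

# Constructed sample modelled on the post: three messages, each with its own
# <13> priority header, terminated by CR (shown as ^M) instead of LF.
SAMPLE = (b"<13>Oct 11 15:15:58 host-a Payload=first message\r"
          b"<13>Oct 11 15:17:58 host-b Payload=second message\r"
          b"<13>Oct 11 15:19:58 host-b Payload=third message\r")

class CrReframer:
    """Turn a CR- (or CRLF-/LF-) delimited byte stream into LF-terminated frames."""

    def __init__(self, max_frame=8192):
        self.buf = b""
        self.max_frame = max_frame  # assumed cap; bounds memory if no delimiter arrives

    def feed(self, chunk):
        """Accept one TCP read; return the complete frames it finished."""
        self.buf += chunk
        # Split on every CR or LF. A CRLF pair (even one split across two
        # reads) yields an empty piece, which is dropped below.
        *done, self.buf = re.split(rb"[\r\n]", self.buf)
        if len(self.buf) > self.max_frame:
            done.append(self.buf)  # flush the oversized partial frame as-is
            self.buf = b""
        return [f + b"\n" for f in done if f.strip()]

    def flush(self):
        """Call at connection close to emit a final unterminated frame."""
        tail, self.buf = self.buf, b""
        return [tail + b"\n"] if tail.strip() else []

def priority(frame):
    """Decode the leading <PRI> into (facility, severity), or None if absent."""
    m = re.match(rb"<(\d{1,3})>", frame)
    return divmod(int(m.group(1)), 8) if m else None

def reframe(chunks):
    """Run a sequence of TCP reads through the re-framer."""
    r = CrReframer()
    out = [f for c in chunks for f in r.feed(c)]
    return out + r.flush()

if __name__ == "__main__":
    # Deliver the sample in 40-byte reads so frames straddle read boundaries.
    reads = [SAMPLE[i:i + 40] for i in range(0, len(SAMPLE), 40)]
    for frame in reframe(reads):
        print(priority(frame), frame.decode().rstrip())
```

Each output frame keeps its own `<13>` header (facility 1, severity 5, i.e. user.notice), so a downstream newline-delimited source can parse every message separately instead of folding the later ones into the first message's body.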