[syslog-ng] Logs after "\n" are getting truncated

[Gergely Nagy]

Swati4 M/TVM/TCS <swati4.m at tcs.com> writes:

> Hi All,
>
> When logging multiline messages (simple strings with in-line newlines
> "\n") our logs only show the first line (ie) before "\n" is
> encountered and rest of the line after the first newline
> character("\n") is truncated.

The main issue is that the syslog protocol is line-oriented: each line
should be prefixed with a syslog-style header. Your logging function
doesn't do that, I believe.

This results in syslog-ng not being able to parse the second line.

There are a few options I can think of: one is to modify your
application to send each line as a separate log message (but then
they'll appear as separate logs on the output aswell, so this might not
be a desirable option).

Another option would be to modify your application to NOT send a syslog
message header at all, and use flags(no-parse) on the syslog-ng source
side, and a custom parser, if you want to turn the message into
something syslog-like.

A third option would be to use an intermediate relay (a script, perhaps)
that does some heuristics to discover where a message starts, and strips
newlines until it finds another message, then sends the previous over to
syslog-ng.

The third would be the easiest, but probably the least performant
too. It's the only one that doesn't need changes on the application
side, though.

There might be other options aswell, but these are the ones I could
think of quickly.

-- 
|8]