[syslog-ng] Syslog-ng OSE multiline messages support

Gergely Nagy algernon at balabit.hu
Thu Oct 25 10:15:37 CEST 2012


Balazs Scheidler <bazsi77 at gmail.com> writes:

>> I have one question: does syslog-ng OSE support multiline parsing logs?
>> I have one application that sends multiline messages and syslog-ng saves
>> the log of the first line only.
>
> syslog-ng core is multiline aware, however a transport is needed that
> supports multiline messages.
>
> Such a transport is udp(), which has other issues. syslog() with
> either udp, tcp or tls supports multiline messages.
>
> Similarly, unix-dgram should work for locally generated multiline
> messages.
>
> The only missing thing is the ability to read local files and
> recognize multiline barriers, but Algernon is working on solving this.

It is progressing nicely, and it will be available in syslog-ng 3.4 if
all goes well. I already have indented-multiline support in a state I'm
reasonably happy with[1]; a more flexible solution will be implemented
once a few other pending issues are resolved.

 [1]: https://github.com/algernon/syslog-ng/tree/feature/3.4/indented-multiline

Meanwhile, I'd like to ask: what kind of multiline logs does your
application produce? Can you show a sample, by any chance? That'd help
me make sure that the multiline reader I'm working on will work for all
kinds of use-cases.

Thanks in advance!

-- 
|8]
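
An added example, not part of the original message and not syslog-ng code: a sketch of the barrier detection a file reader needs for indented multiline logs, compared with a naive reader that keeps only first lines. It assumes that a line starting with a space or tab continues the previous record; `group_indented`, `first_lines_only` and the sample log are constructed for illustration.

```python
def group_indented(lines):
    """Group physical lines into logical records.

    Assumption: a line starting with a space or tab is a continuation
    of the previous record; any other non-blank line starts a new one.
    """
    current = None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue  # blank lines carry no record content
        if line[0] in (" ", "\t") and current is not None:
            current.append(line)
        else:
            # A new record begins; emit the one collected so far.
            # An indented line with no predecessor also lands here.
            if current is not None:
                yield "\n".join(current)
            current = [line]
    if current is not None:
        yield "\n".join(current)


def first_lines_only(lines):
    """What a line-oriented reader keeps: continuation lines are lost."""
    return [rec.split("\n", 1)[0] for rec in group_indented(lines)]


# Constructed sample: an application error with an indented traceback.
SAMPLE = """\
Oct 25 10:15:37 host app[123]: ERROR request failed
    Traceback (most recent call last):
      File "app.py", line 10, in handle
    ValueError: bad input
Oct 25 10:15:38 host app[123]: INFO recovered
"""

if __name__ == "__main__":
    for i, record in enumerate(group_indented(SAMPLE.splitlines()), 1):
        print(f"--- record {i} ---")
        print(record)
```
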


