[syslog-ng] help with milti-line-mode 3.5.4.1
Tusa Viktor
tusavik at gmail.com
Tue Apr 22 23:14:08 CEST 2014
Hi Evan!
Unfortunately only PE supports multiline timeout as of now, but we hope
that this feature will make it to 3.6 OSE. As for the second question, I
submitted a pull request which introduces regexp-suffix multiline mode, it
does roughly the same that you mentioned. You can check it here:
https://github.com/balabit/syslog-ng/pull/120.
Hope I could help,
Viktor
On Tue, Apr 22, 2014 at 9:30 PM, Evan Rempel <erempel at uvic.ca> wrote:
>
> I am having two problems with the multi-line-mode (I am using a pipe
> source for testing).
>
>
> 1. The last message written to the pipe will not be processed until the
> start (multi-line-prefix matches)
> of the next message is received. This makes messages delay until the
> next message arrives.
>
> 2. The last message the is written to the pipe is lost if syslog-ng is
> reloaded or restarted.
>
>
>
> Is there an option for how long to wait for the "full" message to arrive?
> Is there an option to specify what the "LAST" line of the mutli-line
> message should match?
> That way the message is known to be completed.
>
> Thanks for your time.
>
> Evan.
>
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20140422/014b418a/attachment.htm
More information about the syslog-ng
mailing list