[syslog-ng] Flag "no-multiline" not working on Syslog-ng
Sandor Geller
sandor.geller at ericsson.com
Fri May 8 09:32:52 CEST 2015
Hi,
On 05/07/2015 09:50 PM, Alan Sam wrote:
> Hello All,
>
> Thank you for your response.
>
> The protocol used is: UDP
>
> This is a screenshot that shows that Solaris (where syslog-ng) is
> running receives the log in two diffrent lines. Can this explain why the
> flag "no-multi-linme" in syslog-ng (in Solaris) is not working?
Wow, it was really 'low resolution'. Zooming in showed that there isn't
any kind of UDP packet fragmentation happening (not surprising, the
kernel would reassembele fragments transparently to syslog-ng) but the
sender device actually splits the logs into multiple packets so
syslog-ng does exactly what it should do. Yet another broken syslog
implementation on Cisco's side :(
I'm not aware of how such logs could get concatenated without writing an
app which postprocesses the logs.
Regards,
Sandor
More information about the syslog-ng
mailing list