[syslog-ng] Flag "no-multiline" not working on Syslog-ng
VMI X
vmixus at gmail.com
Fri May 8 10:37:57 CEST 2015
unsubscribe
On Fri, May 8, 2015 at 1:37 AM, PÁSZTOR György <
pasztor at linux.gyakg.u-szeged.hu> wrote:
> Hi,
>
> "Sandor Geller" <sandor.geller at ericsson.com> írta 2015-05-08 09:32-kor:
> > Wow, it was really 'low resolution'. Zooming in showed that there isn't
> > any kind of UDP packet fragmentation happening (not surprising, the
>
> That's what, why I asked a pcap file.
> It would required smaller attached file, and would gave us more info.
> I found a new theory, based on: 1 pic ~= 1 Mword
> 1 pcap ~= 1000 pic!
>
> > kernel would reassembele fragments transparently to syslog-ng) but the
> > sender device actually splits the logs into multiple packets so
> > syslog-ng does exactly what it should do. Yet another broken syslog
> > implementation on Cisco's side :(
>
> As basically all of their syslog implementation.
>
> > I'm not aware of how such logs could get concatenated without writing an
> > app which postprocesses the logs.
>
> That's another thing, I asked a pcap file. I gave up.
> Maybe there is a chance to do that with some patterndb magic, where we can
> "process" and "correlate", etc.
>
> Kind regards,
> Gyu
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
--
*Nullius In Verba*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150508/5ecfe602/attachment.htm
More information about the syslog-ng
mailing list