[syslog-ng] Problem with syslog-ng version 2

Alarie, Maxime Alarie.Maxime at hydro.qc.ca
Wed Aug 31 15:25:33 CEST 2016 

Thanks for the update guys.

I know the version is  old,  problem is I cannot update it since it’s a black box and we would lose support from EMC.  Ill see what I can do.


De : syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] De la part de Scheidler, Balázs
Envoyé : 31 août 2016 05:15
À : Syslog-ng users' and developers' mailing list
Objet : Re: [syslog-ng] Problem with syslog-ng version 2

Courriel provenant de l’externe
ATTENTION, avant d’accéder à une pièce jointe ou à un lien de ce courriel, assurez-vous que celui-ci provient d’un tiers de confiance.
Well, older syslog-ng versions probably folowed the file as it was written, and if only  a partial line was present, it was assumed to be the entire message.
Maybe the application is writing that file one-character at a time?
But I agree with Peter, 2.0.9 is probably a decade old, so in order to properly support your problems, you should definitely upgrade to something newer.

--
Bazsi

On Mon, Aug 29, 2016 at 8:48 PM, Alarie, Maxime <Alarie.Maxime at hydro.qc.ca<mailto:Alarie.Maxime at hydro.qc.ca>> wrote:
OS: SLes 11 sp4
syslog-ng: syslog-ng-2.0.9-27.34.39.2

Hi,
syslog-ng is configured to read from a application log file and then send it to another file in /var/log (tcpdump is not installed, I cant install it on a blackbox so this is how I test my config)
I have the following in my syslog-ng configuration file:
source ESRS {
file("/opt/esrsve/gateway/xGate.log");
};

destination esrsfile{ file("/var/log/max.log" );};



log { source(ESRS);
destination(esrsfile);
};
The problem I am seeing is that when syslog writes to the outputfile (esrsfile) it truncatedthe lines.
ex: Source File : [ 0, 6, 1, 1007] 08-29-2016 13:56:28.703 IMPORTANT INFO EDDEMC: Data Item::PMStatus Current Value::Offline
And the destination file looiks like this:
... ...
Aug 29 14:00:02 hostname C
Aug 29 14:00:02 hostname u
Aug 29 14:00:02 hostname r
Aug 29 14:00:02 hostname r
Aug 29 14:00:02 hostname e
Aug 29 14:00:02 hostname n
Aug 29 14:00:02 hostname t
Aug 29 14:00:02 hostname
Aug 29 14:00:02 hostname V
Aug 29 14:00:02 hostname a
Aug 29 14:00:02 hostname l
Aug 29 14:00:02 hostname u
Aug 29 14:00:02 hostname e
Aug 29 14:00:02 hostname :
Aug 29 14:00:02 hostname :
Aug 29 14:00:02 hostname O
Aug 29 14:00:02 hostname f
Aug 29 14:00:02 hostname f
Aug 29 14:00:02 hostname l
Aug 29 14:00:02 hostname i
Aug 29 14:00:02 hostname n
Aug 29 14:00:02 hostname e
... ...
What am I doing wrong here?


Thanks much!


______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160831/7266ebcd/attachment-0001.htm

More information about the syslog-ng mailing list