[syslog-ng] Syslog messages not stored in separate lines
Dragan Zecevic
dragan.zecevic at live.com
Sun Jan 29 12:54:57 UTC 2023
Hi,
I am collecting logs from a network device. They configured syslog format on their source side to be RFC3164.
On syslog-ng side I am using source and destination like this:
source s_xxx {
network(
ip(0.0.0.0)
transport(tcp)
port(xxx)
flags(store-raw-message)
);
};
destination folder_xxx {
file(
"/xxx/${R_YEAR}${R_MONTH}${R_DAY}/${SOURCEIP}_${HOST}_${R_HOUR}.log"
template("${RAWMSG}\n")
);
};
syslog-ng version 3.34
CentOS Linux release 7.9.2009
The problem is that syslog messages are stored in raw format but not separated in different line. Parity bit of new message starts imidiatelly after previous line -without space or enter.
I have the same config for some other hosts and there log files are created with separate lines. Vendor says they can't change anything on source side.
Do you have any idea what is the cause of this?
Thank you.
Br,
Dragan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20230129/69bc6ed8/attachment.htm>
More information about the syslog-ng
mailing list