syslog does have an indication of which line type it is at column 2 Table 1. Record Type Codes
Record type Description N Single-line message W Single-line message with a reply M First line of a multiline message O Log command input X Entry from a source other than hardcopy or log command S Continuation of previous line L Label line of a multiline message D Data line of a multiline message E Data/end line of a multiline message *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| * *|* *Email**: [email protected] **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|* On Wed, Jul 23, 2025 at 10:10 AM Colin Paice < [email protected]> wrote: > I used to have some rexx which processed syslog/joblogs. One of the key > bits was to work from the bottom towards the top. I think I did this > because you do not know how many parts of multi line WTOS there are. > I used to count the unique message instances and flag important messages > "Although this is an ...I message... you need to look at it! > > On Tue, 22 Jul 2025 at 17:42, Michael Oujesky <[email protected]> > wrote: > > > Food for thought: > > > > I have mods to SAMPLIB(IEAMDBLG) that expands the record length to > > 255 and those basically eliminate continuation messages. > > > > I also have some SAS code to search the expanded record length > > log for multiple messages. It also handles MLWTO messages that have > > records from other SYSPLEX images interspersed within the MLWTO text. > > > > Michael > > > > At 06:50 AM 7/22/2025, Lennie Bradshaw wrote: > > >Does anyone have any advice on tools to scan SYSLOG and/or OPERLOG > > >for multiple messages? > > >I am looking for something that understands continuation messages, > > >and the structure of multiline messages. > > > > > >Lennie > > > > > >---------------------------------------------------------------------- > > >For IBM-MAIN subscribe / signoff / archive access instructions, > > >send email to [email protected] with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
