Hi, I'm sure the subject looks familiar, and indeed I found a lot of Q&As regarding how to send multiline logs over syslog. But I still don't see a good solution, so I'm opening yet another thread.
The only solution I found so far (credits go to David) was to escape newline characters and un-escape them while reading the logs. I'd like to index logs in Elasticsearch, so I'd prefer to store them with the proper newline. Can I un-escape the newline in the template when I build the JSON to send to ES?

Either way, how would one:
- log a multi-line log to syslog from an application?
- configure rsyslog to read multi-line logs from a file (i.e. stacktraces: if the line begins with a space, it belongs to the same event as the previous line)
- forward multi-line logs from one rsyslog to another

My understanding is that \n is normally a delimiter between log messages. Does that only apply to TCP syslog? What about UDP or TLS? Can multiple lines fit in one packet and be treated as a single event?

Finally, is there any difference between RFC 3164 and RFC 5424 syslog for multi-line logs?

Thanks and best regards,
Radu
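The escape-and-un-escape approach mentioned in the post, as an added illustration that is not part of the original message and is not rsyslog configuration. It assumes a newline-delimited stream; all function names and the sample events are constructed for this example.

```python
import json

# Constructed sample events: a stack trace, and a message that already
# contains a literal backslash followed by "n" (not a real newline).
SAMPLE = [
    "java.lang.IllegalStateException: boom\n"
    "    at com.example.App.run(App.java:42)\n"
    "    at com.example.App.main(App.java:10)",
    r"copy failed: C:\new\logs",
]

def escape_newlines(msg: str) -> str:
    # Escape the backslash first, so a literal "\n" already present in the
    # text is not mistaken for an escaped newline on the reading side.
    return msg.replace("\\", "\\\\").replace("\r", "\\r").replace("\n", "\\n")

def unescape_newlines(wire: str) -> str:
    # Single left-to-right pass; chained str.replace calls would corrupt
    # sequences such as an escaped backslash followed by "n".
    mapping = {"n": "\n", "r": "\r", "\\": "\\"}
    out, i = [], 0
    while i < len(wire):
        if wire[i] == "\\" and i + 1 < len(wire) and wire[i + 1] in mapping:
            out.append(mapping[wire[i + 1]])
            i += 2
        else:
            out.append(wire[i])
            i += 1
    return "".join(out)

def frame(events):
    # Sender side: one escaped event per line, "\n" is the only delimiter.
    return "".join(escape_newlines(e) + "\n" for e in events)

def to_es_docs(stream: str):
    # Reader side: split on the delimiter, restore the real newlines, then
    # let the JSON encoder produce the representation sent to Elasticsearch.
    return [json.dumps({"message": unescape_newlines(line)})
            for line in stream.split("\n") if line]

if __name__ == "__main__":
    for doc in to_es_docs(frame(SAMPLE)):
        print(doc)
```

Because the un-escaping happens before JSON encoding, the stored `message` field holds real newlines, and each multi-line event stays a single document instead of being split at every line.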

