Hi, We are receiving on TCP 514, FireEye syslog in XML concise format.
Events appear to be truncated at different lengths. We have tried by increasing max message size but no joy. Please can we have some help? Thank you. $MaxMessageSize 512k $MainMsgQueueSize 100000 # 100000 may be a value to handle burst traffic $RuleSet FIREEYE $template FireEye,"%rawmsg%\n" $InputTCPServerBindRuleset FIREEYE $InputTCPServerRun 514 *.* /media/data/rsyslog/fireeye;FireEye & ~ $RuleSet RSYSLOG_DefaultRuleset And the TCP trace from Wireshark showing entire XML event: http://pastebin.com/2L3UGWtB _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
