On Tue, 8 May 2018, Michael Lopez wrote:
The issue I had in syslogng and which ultimately will be the same issue in rsyslog is when receiving the packet with multiple messages the first message would have a header and the second would not. So what happened is the first message would go to the assigned hostname file but the second message would go to the syslogng server hostname and this is why I was regexing at the network input.
rsyslog works a bit differently, it would have the sending machine's hostname/IP (unless the second line sent looks enough like a log that it thinks part of it is a hostname)
But let's back up a step, what is it that is generating these multi-line logs. Can we fix them at the source so they don't cause grief.
This is the first time I've heard of this particular problem, and while you can apply a custom parser to the TCP input, I don't think it will let you combine multiple lines into one log message.
David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
