I think the only way you could do that would be to log everything to
disk and then use a tail function - I've been wrong before though :-)
On Sat, Oct 24, 2009 at 8:45 AM, J Carvalho dio...@rmws.net wrote:
Aye! Agn, bad assumption on my part. I assumed syslog-ng would queue while
the receiving
I think the problem may be that sysread is limiting to 1024 because
that is how the RFC defines a syslog message - it's not supposed to
exceed that. Whatever system that's sending messages of 1600 bytes
isn't following the rules of the protocol...shame on them?
In message c0ff067618fca745ac37517023f8c9ac3e94a85...@wp40045.corp.ads,
Ronald San Juan writes:
Scenario:The logfile has lines reaching 1600 characters in length.
rule:
type=singlewiththreshold
ptype=regexp
pattern=(routing.jsp_servlet._dialogs)
desc=$0
action=write - $0
window=10
thresh=10
On Sat, 24 Oct 2009, Clayton Dukes wrote:
I think the problem may be that sysread is limiting to 1024 because
that is how the RFC defines a syslog message - it's not supposed to
exceed that. Whatever system that's sending messages of 1600 bytes
isn't following the rules of the
On Sat, 24 Oct 2009, J Carvalho wrote:
Aye! Agn, bad assumption on my part. I assumed syslog-ng would queue
while the receiving end was offline. Whatever msgs didn't fit into the
queue would drop onto the floor.
if you use TCP for your syslog transport the sender can detect that the
receiver
