Hello folks, I am using flume-ng for cdh4 (1.10), and i am redirecting syslog output from a network device to flume-ng. My config is as follows: test1.channels.mem-chan-1.type = memory test1.channels.mem-chan-1.capacity = 100000 test1.channels.mem-chan-1.transactionCapacity = 1000
test1.sources.syslog-traffic.channels = mem-chan-1 test1.sources.syslog-traffic.type = syslogudp test1.sources.syslog-traffic.port = 5140 test1.sources.syslog-traffic.bind = test1 test1.sources.syslog-traffic.eventSize = 10000 test1.sinks.file-sink-1.channel = mem-chan-1 test1.sinks.file-sink-1.type = file_roll test1.sinks.file-sink-1.sink.directory = /home/cloudera-user/tmp/ test1.sinks.file-sink-1.rollInterval = 86400 test1.channels = mem-chan-1 test1.sources = syslog-traffic test1.sinks = file-sink-1 i have a pretty straightforward config with one syslogudp source , a memory channel and a file sink. However, some of the messages i see on the file is like this: DEVICE: "some syslog content"@ DEVICE: "some syslog content"@ OUT^@ FIN^@ RST^@ RST^@ OUT^@ FIN^@ RST^@ FIN^@ FIN^@ OUT^@ RST^@ RST^@ RST^@ As you can see, some lines are somehow trimmed and does not contain the entire message. When i redirect same device to syslog-ng there are no issues like this. I tried increasing the event size on the syslog source but that did not change anything at all. Any ideas on what might be the problem? Thanks in advance. Mete
