It would be helpful if you could send the original messages as well. Thanks Hari
-- Hari Shreedharan On Wednesday, July 25, 2012 at 12:49 AM, mete wrote: > Hello folks, > > I am using flume-ng for cdh4 (1.10), and i am redirecting syslog output from > a network device to flume-ng. My config is as follows: > test1.channels.mem-chan-1.type = memory > test1.channels.mem-chan-1.capacity = 100000 > test1.channels.mem-chan-1.transactionCapacity = 1000 > > test1.sources.syslog-traffic.channels = mem-chan-1 > test1.sources.syslog-traffic.type = syslogudp > test1.sources.syslog-traffic.port = 5140 > test1.sources.syslog-traffic.bind = test1 > test1.sources.syslog-traffic.eventSize = 10000 > > test1.sinks.file-sink-1.channel = mem-chan-1 > test1.sinks.file-sink-1.type = file_roll > test1.sinks.file-sink-1.sink.directory = /home/cloudera-user/tmp/ > test1.sinks.file-sink-1.rollInterval = 86400 > > test1.channels = mem-chan-1 > test1.sources = syslog-traffic > test1.sinks = file-sink-1 > > > i have a pretty straightforward config with one syslogudp source , a memory > channel and a file sink. > > However, some of the messages i see on the file is like this: > > DEVICE: "some syslog content"@ > DEVICE: "some syslog content"@ > OUT^@ > FIN^@ > RST^@ > RST^@ > OUT^@ > FIN^@ > RST^@ > FIN^@ > FIN^@ > OUT^@ > RST^@ > RST^@ > RST^@ > > > As you can see, some lines are somehow trimmed and does not contain the > entire message. When i redirect same device to syslog-ng there are no issues > like this. > I tried increasing the event size on the syslog source but that did not > change anything at all. > Any ideas on what might be the problem? > Thanks in advance. > > Mete
