
I am trying to get syslog-ng to support postfix's multiple lines. As I understand it, syslog-ng can use the "flags(no-multi-line)" config option, but it is either not working, or I am applying it incorrectly.

My configurations:

Client:

source s_src {
    system();
    internal();
};
filter f_mail { facility(mail) and not filter(f_debug); };
log { source(s_src); filter(f_mail); destination(d_mail); };
destination d_tls {
    tcp("logs.myserver.com" port(999)
        tls( ca_dir("/etc/syslog-ng/ssl/") ) );
};

log {
    source(s_src);
    destination(d_tls);
};

Server:

source s_tls {
    tcp(port(999)
        tls( key_file("/etc/syslog-ng/ssl/logs.key")
             cert_file("/etc/syslog-ng/ssl/logs.crt")
             peer_verify(optional-untrusted) )
        flags(no-multi-line) # no worky
    );
};
Clayton Dukes

1 Answer


From the syslog documentation:

no-multi-line: The no-multi-line flag disables line-breaking in the messages; the entire message is converted to a single line. Note that this happens only if the underlying transport method actually supports multi-line messages. Currently the syslog, udp, unix-dgram drivers support multi-line messages; other drivers, for example, the tcp driver does not.

Thus it is not clear how multi-line messages get to your server in the first place. As a workaround, you might put the flag into the file parameter:

destination d_farm_cmtslog_debug {
   file("/var/log/cm/cmts.debug" flags(no-multi-line));
};
Arie Skliarouk
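The transport limitation quoted in the answer above comes down to message framing, shown here as an added example that is not part of the original question or answer. It assumes the two framings defined in RFC 6587 (newline-delimited, as a plain TCP syslog stream uses, and octet-counted); the sample message, the function names and the space-joining in `collapse_lines` are constructed for illustration and are not syslog-ng's implementation.

```python
# Added example: newline framing splits a multi-line message on the wire,
# octet counting delivers it whole. All names and sample data are constructed.

def split_newline_framed(stream):
    """Newline-delimited framing: every LF terminates a message."""
    return [rec for rec in stream.split(b"\n") if rec]

def split_octet_counted(stream):
    """Octet-counted framing: '<length> <message>' repeated back to back."""
    records, pos = [], 0
    while pos < len(stream):
        sep = stream.find(b" ", pos)
        if sep == -1 or not stream[pos:sep].isdigit():
            raise ValueError("bad length prefix at offset %d" % pos)
        end = sep + 1 + int(stream[pos:sep])
        if end > len(stream):
            raise ValueError("truncated frame")
        records.append(stream[sep + 1:end])
        pos = end
    return records

def collapse_lines(msg):
    """Assumed stand-in for the single-line conversion: join lines with a space."""
    return b" ".join(part for part in msg.splitlines() if part)

def newline_framed(msgs):
    return b"".join(m + b"\n" for m in msgs)

def octet_counted(msgs):
    return b"".join(b"%d %s" % (len(m), m) for m in msgs)

# Constructed two-line message in the style of a mail log entry.
MESSAGE = (b"<22>Jan  1 00:00:00 mx1 postfix/smtp[1234]: ABCDEF: status=bounced\n"
           b"    (host example.invalid said: 550 mailbox unavailable)")

if __name__ == "__main__":
    # Newline framing: the receiver sees two unrelated records, so a
    # receiver-side single-line conversion has nothing left to join.
    for rec in split_newline_framed(newline_framed([MESSAGE])):
        print("newline-framed record:", rec)
    # Octet counting: one record arrives with its embedded LF intact,
    # and only now can it be collapsed to a single line.
    for rec in split_octet_counted(octet_counted([MESSAGE])):
        print("octet-counted record :", collapse_lines(rec))
```
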