Maybe I'm missing something, but your description of "..." followed by
multiple lines of errors, thus split lines and not a single line, is
standard for java logging. Are you sure what you're seeing isn't just
the expected output from java?
Jacob
Quoting Jo Rhett <[email protected]>:
I can't answer your question, but I can give you a spec file for the
latest 5.8 version for CentOS 5 if you want.
On Apr 19, 2012, at 6:30 AM, Florian Crouzat wrote:
This is my first message to the list so please be kind ;)
For the short version of the question, go the bottom.
I'm using CentOS, my tests have been made using 5.6 with
rsyslog-3.22.1-3.el5_6.1 but I aim to install 6.2 with
rsyslog-4.6.2-12.el6.x86_64 ... Old version in both case yeah...
Java log through syslog using a syslog appender in log4j.
I emulated a standard log line format using a log4j pattern, and it
works just fine. Rsyslog add "timestamp %msg" and log4j add
"hostname jboss: blablabla...".
Eg: Apr 19 15:11:10 host.example.com jboss: INFO [ ]
[StandardPctxCacheExitHandler ] - handling standard transaction
expiration for cache id 06570496120419CJ4YAB1
I'm using a log analyser (ossec) who knows how to decode a jboss
log when matching its pattern, but with long-lines, it seems that
something truncate them and create multiple-lines. The first ends
with "...".
It means that each splitted line isn't logged through log4j and
doesn't have the pattern I defined ==> I can't parse it, ossec goes
crazy, and a bunch of stuff don't work.
My question in short: is there a way to tell rsyslogd not to split
my long-lines into different smaller ones ?
I tried 3 different thing:
$template JbossFormattest1,"%timegenerated% %msg:0:$%\n"
$template JbossFormattest3,"%timegenerated% %msg:0:3000%\n"
$template JbossFormattest2,"%timegenerated% %msg:drop-cc:%\n"
Sadly, none of them worked.
I'm hoping for some ENV variables, and not to recompile changing a
#define and/or tweaking my kernel.
In the worst case, I'll extract my dynamic log4j pattern in a
different rsyslog templates per server as %HOSTNAME% would be
localhost.localdomain.
--
Cheers,
Florian Crouzat
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
