I’m trying to work out a problem with the logs from our ESX servers. It seems 
for one of the logs, the message can overrun some maximum and it dumps the 
remaining part of the message on to the next line. This is a problem because 
these message fragments break the organization set via dynafile and of course 
they don’t parse.

The only thing I can really match on is that the fragment doesn’t lead with a 
timestamp.

I’m wondering if there’s any easy way to drop this message. In writing this 
out, I’m not sure basing it on timestamp would be the best idea as some 
messages may not immediately start with one. I’m not sure I can use a variable 
like timestamp as a condition though.

Tim Mori
SAS Solutions OnDemand
Systems Engineer ▪ Tel: + 1 919 531 1774
100 SAS Campus Drive ▪ Cary ▪ NC ▪ 27513-2414
www.sas.com


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog