multiline message | Log collection solutions

#1 toreno93 7 years ago

Hello. I have a question.

I get multiline messages

how can I combine into a single line, multiline message ??

for example this message, In this message 4 lines

Jul 21 17:59:10 <14> 1 2016-07-04T00: 53: 02.000000 + 03: 00 node = sec-sflow type = SYSCALL msg = audit (1467579182.055: 3248181): arch = 111

2 syscall = success = yes exit = 4 a0 = 7fc7783127a8 a1 = 2 a2 = a3 = 0 8 items = 1 ppid = 11013 pid = 30363 auid = 0 0 uid = gid = 0 = 0 euid

suid = 0 fsuid = 0 = 0 egid sgid = 0 = 0 fsgid tty = (none) ses = 28 comm = "sshd"

exe = "/ usr / sbin / sshd" key = "root_action"

Thank!

Permalink

#2 b0ti Nxlog ✓ 7 years ago (Last updated 5 years ago )

#1 toreno93

Hello. I have a question. I get multiline messages how can I combine into a single line, multiline message ?? for example this message, In this message 4 lines Jul 21 17:59:10 <14> 1 2016-07-04T00: 53: 02.000000 + 03: 00 node = sec-sflow type = SYSCALL msg = audit (1467579182.055: 3248181): arch = 111 2 syscall = success = yes exit = 4 a0 = 7fc7783127a8 a1 = 2 a2 = a3 = 0 8 items = 1 ppid = 11013 pid = 30363 auid = 0 0 uid = gid = 0 = 0 euid suid = 0 fsuid = 0 = 0 egid sgid = 0 = 0 fsgid tty = (none) ses = 28 comm = "sshd" exe = "/ usr / sbin / sshd" key = "root_action" Thank!

It would be probably the best to configure your syslog daemon to remove linebreaks when it writes the file.

Otherwise I suggest reading the fine manual about xm_multiline, there are a couple examples as well.