Updating my answer after looking into this more.
This seems to a limit with /usr/bin/logger
, which is expected to conform with the syslog RFCs. http://www.faqs.org/rfcs/rfc3164.html says:
The total length of
the packet MUST be 1024 bytes or less.
If you to send more then 1024 characters to syslog via the commandline (outside of Apache), you'll run into this same limit.
Keep in mind that the 1024 character limit probably exists elsewhere. I think the maximum size for a HTTP GET is 1024 characters, and I seem to recall that some printf library routines have a hard limit of 1024 characters (There was a security alert a couple years ago regarding the 1024 character limit regarding some syslog/ string printing utilities, if I remember right). So, it seems that your options are:
3) Try to stop your HTTP applications from writting long log messages. This is easier said then done.
1) Recompile logger
and increase this limit. If you do this, keep in mind that you're changing a core utility and this may result in unexpected behavior. To mitigate this, put this utility in /usr/local/bin or /opt/bin. Do not replace /usr/bin/logger
.
2) Don't send from Apache to syslog. Something like the following should work around the 1024-character limit, since this doesn't use syslog.
CustomLog logs/access_log
4) http://www.oreillynet.com/pub/a/sysadmin/2006/10/12/httpd-syslog.html uses sys::syslog
and seems to be a reasonable alternative to /usr/bin/logger
. You need to check sys::syslog for this same 1024 character limit. It's Perl, and should be easy to override.
Old answer:
It looks like this limit is tunable within syslog-ng, according to http://www.campin.net/syslog-ng/faq.html
syslog defaults to 1024 byte long messages, but this value is tunable
in syslog-ng 1.5 where you can set it to a higher value.
options { log_msg_size(8192); };
Most likely you are running into a bug/limitation of SysLogHandler that leads to a BOM inserted in the wrong place. This confuses the rsyslog parser, and leads to the message being attributed the EMERG priority.
This has been "fixed" in Python 2.7 by removing the BOM insertion altogether.
You have two options:
- Upgrade to Python 2.7
Encode the message into a str
during formatting to workaround the BOM insertion code. One way of doing that is to implement a small custom formatter like this:
class BOMLessFormatter(logging.Formatter):
def format(self, record):
return logging.Formatter.format(self, record).encode('utf-8')
Best Answer
Ok, I solved this problem myself. Apperantly, the creators of syslog-ng have changed it a bit in the new version (3.0), which I use syslog-ng 3.3. In order to display the log messages with application name, we have to include
$MSGHDR
directive with$MSG
. Example template will be like:From now on, the syslog-ng will log like this:
Dec 15 15:22:01 2012 fw_update_app: fw dir found