Long messages being truncated when sent using syslog_output.

GureenRyuu · **Posted:** Fri Feb 15, 2019 5:28 am

Hey all. We have some rather long messages, around 3000 characters in size. Unfortunately they are being truncated. As you can see in the image below, the end of the field is cut off.

Is it possible to increase the message limit so that they would no longer be truncated? Perhaps using something other than syslog_output?

We’re using the following Ossec 3.1 for log collection, sending messages to a CEF UDP input in Graylog 2.5.

mikeshinn · **Posted:** Tue Feb 19, 2019 5:03 pm

I know in the past this limit was required because not all syslog listeners could handle messages larger than that.

GureenRyuu · **Posted:** Tue Aug 20, 2019 4:29 am

mikeshinn wrote:

I know in the past this limit was required because not all syslog listeners could handle messages larger than that.

Is there a way to work around this? We have long messages being sent and we need them to be sent in full.

mikeshinn · **Posted:** Tue Aug 20, 2019 6:58 pm

Yes the latest version of AEO allows for setting effectively an unlimited limit, just make sure youre using the latest version of AEO.

GureenRyuu · **Posted:** Wed Sep 11, 2019 1:12 am

mikeshinn wrote:

Yes the latest version of AEO allows for setting effectively an unlimited limit, just make sure youre using the latest version of AEO.

I am. Where do I change this setting?

mikeshinn · **Posted:** Wed Sep 11, 2019 10:35 am

Sorry if I wasnt clear, the latest version of AEO has no limit. What version of AEO is the hub using?

Just run this command:

asl -v

Long messages being truncated when sent using syslog_output.

Who is online