On the remote syslog target, I observe that some of the received syslog messages are mangled in non-expected ways:
by "payload" I mean a syslog packet containing one single message (line);
neither is one payload truncated at the beginning or at the end;
neither are two payloads concatenated;
it seems that part of the beginning of a payload is followed by some data from the middle of another payload; (the parser I'm using complains that the application name is missing or improperly formatted, but from visual inspection it is clear that there are two messages somehow merged together;)
This happens mainly when the second packet is a large one, larger than the MTU, but smaller than 16K (or so).
(If I replace systemd-netlogd with a simple socat -u unix-recv:/run/systemd/journal/syslog udp:172...:514, the issue seems to disappear. Granted, that uses RFC-3164, and doesn't do any additional processing.)
Sorry for the false alarm. The issue was in the code I was using (I retained the received buffer longer than I was supposed to, and thus it got overwritten).
I've built the latest
v1.4
tag (on an OpenSUSE Leap 15.5), and I've tried to use the following configuration:On the remote syslog target, I observe that some of the received syslog messages are mangled in non-expected ways:
This happens mainly when the second packet is a large one, larger than the MTU, but smaller than 16K (or so).
(If I replace
systemd-netlogd
with a simplesocat -u unix-recv:/run/systemd/journal/syslog udp:172...:514
, the issue seems to disappear. Granted, that uses RFC-3164, and doesn't do any additional processing.)(This issue is related with https://github.com/systemd/systemd/issues/32852)