Long audit log entries may be truncated when remotely logged via syslog
Last Updated November 04, 2014
When logging audit data to syslog, some very long audit entries appear truncated in the remote syslog file. This is most noticeable when the SUBJECT audit entry contains base 64 encoded data as some log viewers may not recognize the truncated base64 encoded data as the expected character set or a message has a large number of recipients resulting in a large ORCPTS audit entry.
Local audit data stored on the SMG system is unaffected.
Messaging Gateway truncates the audit data at 1024 characters when preparing it for delivery to syslog. This is due to a limitation in syslog which causes messages longer than 1024 bytes to be split across multiple log entries.
The decision to limit remote syslog logging of audit entries in this way was determined to present the best option for continuing to allow syslog logging of log data while respecting the operational limits of common syslog receivers.
The size for individual lines in a remote syslog can now be changed from the default of 1k to 4k in SMG 10.5.3. This feature can be configured under Administration - Settings - Logs - Remote - Allow extended length lines in syslog.
Imported Document ID: TECH215211
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe