25 August 2010

Truncated syslog messages

This is a surprisingly easy fix to a very irritating problem. My problem was just this: I'm using the system log (syslog/syslogd/logger) for things other than just system messages. If there's a long message, it will get the end chopped off. The log message is too short. This isn't working for me.

I don't even remember where I found all of this, but the problem is that syslogd has a hard limit of 1024 characters per line logged. To raise this limit, all we have to do is find the source file, change that value, recompile, and reinstall. Of course, you must have the system sources on your system to do this. (If you don't for some reason, you could use csup to get them.) I've recently used this very technique in FreeBSD 7.x and it worked like a charm. I think it will work just as well in other versions of FreeBSD, and possibly other OS's as well.

As root, follow these simple steps:
  1. This is pretty safe, but just in case: cp -p /usr/sbin/syslogd /usr/sbin/syslogd.bak
  2. cd /usr/src/usr.sbin/syslogd/
  3. vi syslogd.c
  4. find this line in that file (line 71 for me):

    #define MAXLINE 1024 /* maximum line length */

    ... and change '1024' to the value you need (maybe 2048 or 4096).
  5. make obj && make depend && make && make install
  6. /etc/rc.d/syslogd restart

That's it! You're now supporting longer syslog messages.

This trick is actually old hat. I've seen this problem a long time ago and was aware of this solution. But, I doubled-checked a web search, and I found that unless you already knew some key search terms (like "syslogd.c" or "MAXLINE"), you weren't going to get many useful results. So, I went ahead and wrote this.