rsyslog: how to fix the no-line-break issue when receiving CyberArk PAS logs

Solution Verified - Updated -

Issue

  • When rsyslog processes logs received from CyberArk PAS third-party software, it concatenates the log messages:

    May 27 12:27:43 cyberark-system [...]msg=<5>1 2020-05-27T10:26:03Z CYBERARK-SYSTEM CEF:0|Cyber-Ark|Vault|11.1.0000|99|Open File|5|act=Open File suser=XXX fname=[...]
    

    In the example above, the first message should end with the msg= field. Instead, the next message is concatenated to it rather than being processed as a new syslog message, hence the 1 2020... text is appended.
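
To find records affected by the concatenation described above in a log file that has already been written, the following added example (not part of the original article, and not a fix for rsyslog itself) flags lines that still contain an RFC 5424 message header and splits them at that point. The names split_concatenated and audit, and the sample lines with their user names, are constructed for illustration; it assumes the sender's timestamps are ISO 8601, as in the line quoted above.

```python
import re

# Start of an RFC 5424 message: <PRI>VERSION SP ISO 8601 timestamp,
# e.g. "<5>1 2020-05-27T10:26:03Z" as seen after msg= in the line quoted above.
RFC5424_START = re.compile(
    r"<\d{1,3}>1 \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}"
    r"(?:\.\d{1,6})?(?:Z|[+-]\d{2}:\d{2})"
)

def split_concatenated(line):
    """Split one written log line at every embedded RFC 5424 header.

    rsyslog already consumed the header of the first message, so any header
    still present in the line marks a message that was never parsed.
    """
    starts = [m.start() for m in RFC5424_START.finditer(line)]
    bounds = [0] + starts + [len(line)]
    pieces = [line[a:b].rstrip() for a, b in zip(bounds, bounds[1:])]
    return [p for p in pieces if p]

def audit(lines):
    """Return (line_number, message_count) for each line holding >1 message."""
    hits = []
    for number, line in enumerate(lines, start=1):
        count = len(split_concatenated(line))
        if count > 1:
            hits.append((number, count))
    return hits

# Constructed sample, modelled on the line quoted above (user names invented).
SAMPLE = [
    "May 27 12:27:43 cyberark-system CEF:0|Cyber-Ark|Vault|11.1.0000|99|Open File|5|"
    "act=Open File suser=alice msg=<5>1 2020-05-27T10:26:03Z CYBERARK-SYSTEM "
    "CEF:0|Cyber-Ark|Vault|11.1.0000|99|Open File|5|act=Open File suser=bob msg=",
    "May 27 12:28:01 cyberark-system CEF:0|Cyber-Ark|Vault|11.1.0000|99|Open File|5|"
    "act=Open File suser=carol msg=",
]

if __name__ == "__main__":
    for number, count in audit(SAMPLE):
        print(f"line {number}: {count} messages in one record")
        for piece in split_concatenated(SAMPLE[number - 1]):
            print("   ", piece)
```

A non-empty result from audit means audit events are hidden inside other records, so searches and alerts keyed on the start of a line will miss them.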

Environment

  • Red Hat Enterprise Linux
    • rsyslog
    • CyberArk PAS 3rd party software
