hi,
Today, I upgraded to 1.4.9a on our Solaris log server. Some hours later, my "logcheck clone" reported strange things; our webserver's logs contained lines for netsrvm (part of the Mimer database). However, we do not run Mimer on that machine, but on some others.
Sample log line (host names/IP:s changed):
Nov 24 13:29:08 web.example/web.example netsrvm[15501]: connect from mimerclient.example<30>sshd[9892]: log: Connection from 192.168.1.1 port 57733
The second part could be a correct entry for the web machine.
Please contact me personally if unmodified log lines are needed for some debugging.
can you check if this one fixes your problem: --- /home/bazsi/z/syslog-ng-1.4.9a/src/sources.c Thu Nov 23 09:27:15 2000 +++ sources.c Fri Nov 24 19:08:39 2000 @@ -100,8 +100,8 @@ eol = memchr(closure->buffer, '\0', closure->pos); if (eol == NULL) eol = memchr(closure->buffer, '\n', closure->pos); - if (!eol && closure->pos == MAX_LINE) { - /* our buffer is full, we have to flush it */ + if (!eol && closure->pos) { + /* we don't have a terminating nl nor \0 */ do_handle_line(closure, closure->pos, closure->buffer, salen ? (abstract_addr *) &sabuf : NULL, salen); closure->pos = 0; return ST_OK | ST_GOON; This restores the original behaviour (which I believed to be only used on HP-UXes) (you may have to touch sources.c.x after applying the patch) -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt