If it's really important to actually test filters that capture the kern facility, send them in over UDP or TCP with telnet or netcat directly.

http://www.campin.net/syslog-ng/syslog.html#send_manually

You'll just have to work out the decimal equivalent of kern.crit, which would seem to be 0 for kern, and 2 for crit, so <2> (going off http://www.faqs.org/rfcs/rfc3164.html).

On Wed, Jul 21, 2010 at 10:48 AM, Patrick H. <syslogng@feystorm.net> wrote:
http://forums.sun.com/thread.jspa?threadID=5431426

This seems very relevant. It would appear that Solaris won't let anything other than the kernel write to the kern facility.
Sent: Wednesday, July 21, 2010 11:36:51 AM
From: Chuck <chuck.carson@gmail.com>
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] Is logger an effective test tool on Solaris 10?
I am using the following script to test syslog-ng. (Running this from the same machine as the syslog-ng server):
#!/bin/bash

d=`date '+%y%m%d_%H%M%S'`
logger -p kern.debug "__kern.debug__ $d"
sleep 1;

d=`date '+%y%m%d_%H%M%S'`
logger -p kern.crit "__kern.crit__ $d"
sleep 1;

d=`date '+%y%m%d_%H%M%S'`
logger -p kern.info "__kern.info__ $d"
sleep 1;
However, here is how the messages are being seen within syslog-ng:

Jul 21 10:30:35 log01 cars: [ID 702911 user.debug] __kern.debug__ 100721_103035
Jul 21 10:30:36 log01 cars: [ID 702911 user.crit] __kern.crit__ 100721_103036
Jul 21 10:30:37 log01 cars: [ID 702911 user.info] __kern.info__ 100721_103037
The facility is being seen as user and not kern...
Anyone have any ideas? Thx,
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
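Added example, not written by anyone in this thread: one way to build the manual test frames suggested in the first reply, using the RFC 3164 rule PRI = facility * 8 + severity. The helper names (syslog_pri, syslog_frame, send_udp), the tag "cars" reused from the sample output, and the 127.0.0.1:514 UDP listener are assumptions.

```shell
#!/bin/sh
# Added example: build RFC 3164 test frames for kern.* so syslog-ng filters
# can be exercised without logger(1). All helper names are hypothetical.

# Map "facility.severity" to the decimal PRI value: facility * 8 + severity.
syslog_pri() {
    fac=${1%%.*}; sev=${1#*.}
    case $fac in
        kern) f=0 ;; user) f=1 ;; mail) f=2 ;; daemon) f=3 ;; auth) f=4 ;;
        syslog) f=5 ;; lpr) f=6 ;; news) f=7 ;; uucp) f=8 ;; cron) f=9 ;;
        local[0-7]) f=$((16 + ${fac#local})) ;;
        *) echo "unknown facility: $fac" >&2; return 1 ;;
    esac
    case $sev in
        emerg) s=0 ;; alert) s=1 ;; crit) s=2 ;; err) s=3 ;;
        warning) s=4 ;; notice) s=5 ;; info) s=6 ;; debug) s=7 ;;
        *) echo "unknown severity: $sev" >&2; return 1 ;;
    esac
    echo $((f * 8 + s))
}

# Build "<PRI>TAG: MESSAGE". Timestamp and hostname are left out on the
# assumption that the receiving syslog-ng fills them in.
syslog_frame() {
    pri=$(syslog_pri "$1") || return 1
    printf '<%s>%s: %s\n' "$pri" "$2" "$3"
}

# Send one frame over UDP. Host and port are assumptions: a syslog-ng udp()
# source listening on 127.0.0.1:514 on the test machine.
send_udp() {
    syslog_frame "$1" "$2" "$3" | nc -u -w1 "${4:-127.0.0.1}" "${5:-514}"
}

# Print (not send) the three frames matching the logger test script above.
for p in kern.debug kern.crit kern.info; do
    syslog_frame "$p" cars "__${p}__ $(date '+%y%m%d_%H%M%S')"
done
```

Calling send_udp kern.crit cars "test" transmits the frame; a filter matching facility(kern) should then see it with the kern facility rather than user.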