Balazs Scheidler wrote:
On Mon, 2010-10-18 at 14:41 +0200, Elgin Lorenz wrote:
Hello experts,
today we switched our syslog-ng server from linux (CentOS 5.5) to a Solaris 9 box. All went well, until I noticed that syslog-ng obviously changes some of the log entries.
Here are the 2 examples I noticed:
Message on the local host: Oct 18 14:19:15 xxx kernel: IN=eth1 OUT= MAC=xxx SRC=xxx DST=xxx LEN=235 TOS=0x00 PREC=0x00 TTL=128 ID=119 PROTO=UDP SPT=138 DPT=138 LEN=215
Message on the syslog-ng server: Oct 18 14:19:15 xxx kernel: kernel: IN=eth1 OUT= MAC=xxx SRC=xxx DST=xxx LEN=235 TOS=0x00 PREC=0x00 TTL=128 ID=119 PROTO=UDP SPT=138 DPT=138 LEN=215
(one "kernel: " added)
Message on the local host: Oct 18 14:03:06 xxx last message repeated 2 times
Message on the syslog-ng server: Oct 18 14:03:06 xxx last: message repeated 2 times
(one ":" added)
On Linux I never saw this behaviour. Until now I couldn't find the mistake. What am I doing wrong? Did anyone else see something like this?
Thanks in advance for your help.
I don't know the syslog-ng version, but can you try: flags(store-legacy-msghdr) flag on your source?
Thank you for your reply. I'm sorry I forgot to mention its syslog-ng-3.0.4. I tried the option you suggestet. It changed the "last message repeated" log entry, this one is correct now. The "kernel: kernel: " entry is still wrong. The source driver looks like this: source s_udp { udp (ip(xxx.xxx.xxx.xxx) port(xxx) flags(store-legacy-msghdr)); }; Any other ideas? Thanks in advance. Kind regards, Elgin Lorenz -- Elgin Lorenz BTU Cottbus Universitaetsrechenzentrum Tel. 0355 693573 E-Mail lorenz@tu-cottbus.de