Balazs Scheidler wrote:
On Thu, 2010-10-21 at 13:51 +0200, Elgin Lorenz wrote:
Matthew Hall wrote:
On Wed, Oct 20, 2010 at 01:40:44PM +0200, Elgin Lorenz wrote:
Thank you for your reply.
I'm sorry I forgot to mention its syslog-ng-3.0.4.
I tried the option you suggested. It changed the "last message repeated" log entry, this one is correct now. The "kernel: kernel: " entry is still wrong.
The source driver looks like this:
source s_udp { udp (ip(xxx.xxx.xxx.xxx) port(xxx) flags(store-legacy-msghdr)); };
Any other ideas?
Could it be you need the same flag set on your other source for the kernel?
Thank you for your reply.
I'm afraid I don't know exactly what you mean.
There is only one source driver for remote sources, it is the above mentioned.
The only other source driver is the sun-streams driver for Solaris messages:
source s_sys { sun-streams ("/dev/log" door("/etc/.syslog_door")); internal(); };
It seems to work correctly for all messages. Anyway I tried the flag option with this driver, but it doesn't seem to accept it, I always get a syntax error.
The question is where those "kernel" messages are coming from? Are those locally generated or are they coming on the udp source?
They are coming from remote machines on the udp source. Locally generated messages appear correctly.
Kind regards,
Elgin Lorenz
--
Elgin Lorenz
BTU Cottbus
Universitaetsrechenzentrum
Tel. 0355 693573
E-Mail lorenz@tu-cottbus.de