On Fri, 26 Jan 2007, Balazs Scheidler wrote:
On Thu, 2007-01-25 at 14:18 -0500, Fran Loehmann wrote:
Hi,
I am new to syslog-ng and have set up a system using eventlog-0.2.5 and syslog-ng-2.0.1
Local sendmail messages seem to have 2 entries together. I am not sure if something is awry with the config included below, but it seems to only happen with the sendmail entries from sendmail running on the log host.
I am trying to write messages to both /var/log/maillog and /var/log/archive/2007-01-25. Messages logged from the sending server seem ok but sendmail running on they log server appear to be on the same line seperated by <22>.
Messages in maillog and 2007-01-25 look the same.
can you strace sendmail (or syslog-ng) as it sends/receives a log message?
on unix-stream transport syslog-ng expects messages to be NL or NUL terminated.
Thanks for your reply: I ran strace -o trc1 -f -ff /usr/local/sbin/syslog-ng and attached the file that seemed to have the sendmail message. I can attach all of the files if needed. Fran