Matthew Hall wrote:
On Wed, Oct 20, 2010 at 01:40:44PM +0200, Elgin Lorenz wrote:
Thank you for your reply.
I'm sorry I forgot to mention it's syslog-ng-3.0.4.
I tried the option you suggested. It changed the "last message repeated" log entry, this one is correct now. The "kernel: kernel: " entry is still wrong.
The source driver looks like this:
source s_udp { udp (ip(xxx.xxx.xxx.xxx) port(xxx) flags(store-legacy-msghdr)); };
Any other ideas?
Could it be you need the same flag set on your other source for the kernel?
Thank you for your reply. I'm afraid I don't know exactly what you mean. There is only one source driver for remote sources, it is the one mentioned above.
The only other source driver is the sun-streams driver for Solaris messages:
source s_sys { sun-streams ("/dev/log" door("/etc/.syslog_door")); internal(); };
It seems to work correctly for all messages. Anyway, I tried the flag option with this driver, but it doesn't seem to accept it, I always get a syntax error.
Kind regards,
Elgin Lorenz
--
Elgin Lorenz
BTU Cottbus
Universitaetsrechenzentrum
Tel. 0355 693573
E-Mail lorenz@tu-cottbus.de