[syslog-ng](no subject)
Aaron Jackson
Aaron.Jackson@dc.gov
Mon, 30 Dec 2002 17:37:59 -0500
--Apple-Mail-14-703653430
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=US-ASCII;
format=flowed
Can you replace the Solaris syslog with syslog-ng?
Aaron
On Monday, December 30, 2002, at 05:32 PM, Noam Meltzer wrote:
> Hi!
>
> I am using Linux running Syslog-ng as my logserver, while the logs for
> each host i have are sent into different directory (and in the
> directory, i create files for each facility.priority).
> My clients platforms (the servers being logged) are:
> 1. Linux (runnig classic syslogd... can't remember which)
> 2. HPUX11i (running the native syslogd)
> 3. Solaris7&8
>
> The mechanism works flowlessly, except for solaris.
>
>
> What happens? If I have a one line log, it works just fine. Syslog-ng
> identifies the host it comes from, and divide the data to files
> according to the rules I mentioned above.
> When I have a longer logs which takes two lines or more, starting from
> the 2nd line, syslog-ng doesn't know the the message was originated
> from, and creates for funny like:
> "?DLT" "?corrupt" "?See", etc.
> (The ? is actually 1 character or more, which the terminal can't
> recognize)
> The word you see, is actually the first word of the actual message.
> If I look at the operation of the native on solaris, local messages
> are logged just fine.
>
> I did a little experiment and tried sending logs from one native
> solaris syslog to another. It worked just fine (except the fact i
> can't into hostnames...)
> I looked at the big log "/var/adm/messages" (of two hosts) and saw
> that the "bad" logs, were logged by the native logger just fine, with
> stating the originating host as it should be in the beginning of the
> line.
>
> I tried simulating this using the command "logger" with no sucess.
>
> I suspect that sends the data of each packet, not to lines as
> syslog-ng expects and this cause its mechanism to fail recognizing the
> originating host succesfully.
>
> Did any1 encountered this problem? How did you solve it?
>
> Noam
> tsnoam@excite.com
>
>
>
<image.tiff>
>
> Join Excite! - http://www.excite.com
> The most personalized portal on the Web!
--Apple-Mail-14-703653430
Content-Transfer-Encoding: 7bit
Content-Type: text/enriched;
charset=US-ASCII
Can you replace the Solaris syslog with syslog-ng?
Aaron
On Monday, December 30, 2002, at 05:32 PM, Noam Meltzer wrote:
<excerpt>Hi!
I am using Linux running Syslog-ng as my logserver, while the logs for
each host i have are sent into different directory (and in the
directory, i create files for each facility.priority).
My clients platforms (the servers being logged) are:
1. Linux (runnig classic syslogd... can't remember which)
2. HPUX11i (running the native syslogd)
3. Solaris7&8
The mechanism works flowlessly, except for solaris.
What happens? If I have a one line log, it works just fine. Syslog-ng
identifies the host it comes from, and divide the data to files
according to the rules I mentioned above.
When I have a longer logs which takes two lines or more, starting from
the 2nd line, syslog-ng doesn't know the the message was originated
from, and creates for funny like:
"?DLT" "?corrupt" "?See", etc.
(The ? is actually 1 character or more, which the terminal can't
recognize)
The word you see, is actually the first word of the actual message.
If I look at the operation of the native on solaris, local messages
are logged just fine.
I did a little experiment and tried sending logs from one native
solaris syslog to another. It worked just fine (except the fact i
can't into hostnames...)
I looked at the big log "/var/adm/messages" (of two hosts) and saw
that the "bad" logs, were logged by the native logger just fine, with
stating the originating host as it should be in the beginning of the
line.
I tried simulating this using the command "logger" with no sucess.
I suspect that sends the data of each packet, not to lines as
syslog-ng expects and this cause its mechanism to fail recognizing the
originating host succesfully.
Did any1 encountered this problem? How did you solve it?
Noam
tsnoam@excite.com
</excerpt><<image.tiff>
<excerpt>
<fontfamily><param>Geneva</param><smaller>Join Excite! -
<underline><color><param>1999,1999,FFFF</param>http://www.excite.com
</color></underline>The most personalized portal on the
Web!</smaller></fontfamily> </excerpt>
--Apple-Mail-14-703653430--