[syslog-ng]Re: Bad hostname from solaris (added a subject now)

[Noam Meltzer]

--EXCITEBOUNDARY_000__2b4fb2982b5da06b3fb982326c87d9db
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Hi!
It is possible to use syslog-ng on solaris, but not preferable.
I don't like the idea of replacing something core from the system. I'm trying to find a solution for the solaris syslogd, not to replace it with a different product.
As I said: When its one native solaris syslog sending to another, it works flowlessly.

Noam


>Can you replace the Solaris syslog with syslog-ng?


>Aaron


>On Monday, December 30, 2002, at 05:32 PM, Noam Meltzer wrote:


>>Hi!


>>I am using Linux running Syslog-ng as my logserver, while the logs for
>>each host i have are sent into different directory (and in the
directory, i create files for each facility.priority).

>>My clients platforms (the servers being logged) are:

>>1. Linux (runnig classic syslogd... can't remember which)

>>2. HPUX11i (running the native syslogd)

>>3. Solaris7&8


>>The mechanism works flowlessly, except for solaris.



>>What happens? If I have a one line log, it works just fine. Syslog-ng
>>identifies the host it comes from, and divide the data to files
according to the rules I mentioned above.

>>When I have a longer logs which takes two lines or more, starting from
>>the 2nd line, syslog-ng doesn't know the the message was originated
from, and creates for funny like:

>>"?DLT" "?corrupt" "?See", etc.

>>(The ? is actually 1 character or more, which the terminal can't
recognize)

>>The word you see, is actually the first word of the actual message.

>>If I look at the operation of the native on solaris, local messages
are logged just fine.


>>I did a little experiment and tried sending logs from one native
solaris syslog to another. It worked just fine (except the fact i
can't into hostnames...)

>>I looked at the big log "/var/adm/messages" (of two hosts) and saw
that the "bad" logs, were logged by the native logger just fine, with
stating the originating host as it should be in the beginning of the
line.


>>I tried simulating this using the command "logger" with no sucess.


>>I suspect that sends the data of each packet, not to lines as
syslog-ng expects and this cause its mechanism to fail recognizing the
originating host succesfully.


>>Did any1 encountered this problem? How did you solve it?


>>Noam

>>tsnoam@excite.com

_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!

--EXCITEBOUNDARY_000__2b4fb2982b5da06b3fb982326c87d9db
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Hi!<br>It is possible to use syslog-ng on solaris, but not preferable.<br>I don't like the idea of replacing something core from the system. I'm trying to find a solution for the solaris syslogd, not to replace it with a different product.<br>As I said: When its one native solaris syslog sending to another, it works flowlessly.<br><br>Noam<br><br><br>>Can you replace the Solaris syslog with syslog-ng?<br><br><br>>Aaron<br><br><br>>On Monday, December 30, 2002, at 05:32 PM, Noam Meltzer wrote:<br><br><br>>>Hi!<br><br><br>>>I am using Linux running Syslog-ng as my logserver, while the logs for<br>>>each host i have are sent into different directory (and in the<br>directory, i create files for each facility.priority).<br><br>>>My clients platforms (the servers being logged) are:<br><br>>>1. Linux (runnig classic syslogd... can't remember which)<br><br>>>2. HPUX11i (running the native syslogd)<br><br>>>3. Solaris7&8<br><br><br>>>The mechanism works flowlessly, except for solaris.<br><br><br><br>>>What happens? If I have a one line log, it works just fine. Syslog-ng<br>>>identifies the host it comes from, and divide the data to files<br>according to the rules I mentioned above.<br><br>>>When I have a longer logs which takes two lines or more, starting from<br>>>the 2nd line, syslog-ng doesn't know the the message was originated<br>from, and creates for funny like:<br><br>>>"?DLT" "?corrupt" "?See", etc.<br><br>>>(The ? is actually 1 character or more, which the terminal can't<br>recognize)<br><br>>>The word you see, is actually the first word of the actual message.<br><br>>>If I look at the operation of the native on solaris, local messages<br>are logged just fine.<br><br><br>>>I did a little experiment and tried sending logs from one native<br>solaris syslog to another. It worked just fine (except the fact i<br>can't into hostnames...)<br><br>>>I looked at the big log "/var/adm/messages" (of two hosts) and saw<br>that the "bad" logs, were logged by the native logger just fine, with<br>stating the originating host as it should be in the beginning of the<br>line.<br><br><br>>>I tried simulating this using the command "logger" with no sucess.<br><br><br>>>I suspect that sends the data of each packet, not to lines as<br>syslog-ng expects and this cause its mechanism to fail recognizing the<br>originating host succesfully.<br><br><br>>>Did any1 encountered this problem? How did you solve it?<br><br><br>>>Noam<br><br>>>tsnoam@excite.com<p><hr><font size=2 face=geneva><b>Join Excite! - <a href=http://www.excite.com target=_blank>http://www.excite.com</a></b><br>The most personalized portal on the Web!</font>

--EXCITEBOUNDARY_000__2b4fb2982b5da06b3fb982326c87d9db--