[syslog-ng](no subject)

Sander de Boer sander@sanderscorner.com
Tue, 31 Dec 2002 19:29:28 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Yes I see it too. I found nothing on the Solaris syslog side to handle th=
is=20
(while using 'standard' syslog, which I must use on these systems). Since=
 I=20
log to a database, I have a SQL query that removes such silly things in t=
he=20
program and host fields.

Sander

On Monday 30 December 2002 23:32, you wrote:
>  Hi!
>
> I am using Linux running Syslog-ng as my logserver, while  the logs for
> each host i have are sent into different directory (and in the director=
y, i
> create files for each facility.priority). My clients platforms (the ser=
vers
> being logged) are:
> 1. Linux (runnig classic syslogd... can't remember which)
> 2. HPUX11i (running the native syslogd)
> 3. Solaris7&8
>
> The mechanism works flowlessly, except for solaris.
>
>
> What happens? If I have a one line log, it works just fine. Syslog-ng
> identifies the host it comes from, and divide the data to files accordi=
ng
> to the rules I mentioned above. When I have a longer logs which takes t=
wo
> lines or more, starting from the 2nd line, syslog-ng doesn't know the  =
the
> message was originated from, and creates  for funny  like: "?DLT"
> "?corrupt" "?See", etc.
> (The ? is actually 1 character or more, which the terminal can't recogn=
ize)
> The word you see, is actually the first word of the actual message.
> If I look at the operation of the native  on solaris, local messages ar=
e
> logged just fine.
>
> I did a little experiment and tried sending logs from one native solari=
s
> syslog to another. It worked just fine (except the fact i can't  into
> hostnames...) I looked at the big  log "/var/adm/messages" (of two host=
s)
> and saw that the "bad" logs, were logged by  the native logger just fin=
e,
> with stating the originating host as it should be in the beginning of t=
he
> line.
>
> I tried simulating this  using the command "logger" with no sucess.
>
> I suspect that   sends the data of each  packet, not  to lines as syslo=
g-ng
> expects and this cause its mechanism to fail recognizing the originatin=
g
> host succesfully.
>
> Did any1 encountered this problem? How did you solve it?
>
> Noam
> tsnoam@excite.com
>
>
> _______________________________________________
> Join Excite! - http://www.excite.com
> The most personalized portal on the Web!

- ----------------------------------------
Content-Type: text/html; charset=3D"us-ascii"; name=3D"Attachment: 1"
Content-Transfer-Encoding: 7bit
Content-Description:=20
- ----------------------------------------

- --=20
My public key is available at http://www.sanderscorner.com/file/pgp-pubke=
y.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+EeIPhNL8OKskREIRAkczAKDCAr46M/vKILNvygJypo+RiUSkfgCgw9y5
d/30tpW80s0veTwl+d/ra0c=3D
=3DrBYu
-----END PGP SIGNATURE-----