[syslog-ng] concatenated sendmail messages
Fran Loehmann
fran at ft.necoxmail.com
Fri Jan 26 14:32:12 CET 2007
On Fri, 26 Jan 2007, Balazs Scheidler wrote:
> On Thu, 2007-01-25 at 14:18 -0500, Fran Loehmann wrote:
> > Hi,
> >
> > I am new to syslog-ng and have set up a system using
> > eventlog-0.2.5 and syslog-ng-2.0.1
> >
> > Local sendmail messages seem to have 2 entries together. I am
> > not sure if something is awry with the config included below,
> > but it seems to only happen with the sendmail entries from
> > sendmail running on the log host.
> >
> > I am trying to write messages to both /var/log/maillog and
> > /var/log/archive/2007-01-25. Messages logged from the sending
> > server seem ok but sendmail running on they log server appear to
> > be on the same line seperated by <22>.
> >
> > Messages in maillog and 2007-01-25 look the same.
>
> can you strace sendmail (or syslog-ng) as it sends/receives a log
> message?
>
> on unix-stream transport syslog-ng expects messages to be NL or NUL
> terminated.
Thanks for your reply: I ran
strace -o trc1 -f -ff /usr/local/sbin/syslog-ng
and attached the file that seemed to have the sendmail message.
I can attach all of the files if needed.
Fran
-------------- next part --------------
open("/var/run/syslog-ng.pid", O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY, 0600) = 7
write(7, "3049", 4) = 4
close(7) = 0
open("/dev/null", O_RDONLY) = 7
dup2(7, 0) = 0
close(7) = 0
open("/dev/null", O_WRONLY) = 7
dup2(7, 1) = 1
dup2(7, 2) = 2
close(7) = 0
setsid() = 3049
time(NULL) = 1169749211
gettimeofday({1169749211, 281374}, NULL) = 0
time(NULL) = 1169749211
gettimeofday({1169749211, 281719}, NULL) = 0
gettimeofday({1169749211, 282014}, NULL) = 0
poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}, {fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 4, 0) = 0
uname({sys="Linux", node="secmgmt-cs01", ...}) = 0
gettimeofday({1169749211, 282595}, NULL) = 0
time(NULL) = 1169749211
time(NULL) = 1169749211
open("/var/log/archive/2007-01-25", O_WRONLY|O_NONBLOCK|O_APPEND|O_CREAT|O_NOCTTY|O_LARGEFILE, 0640) = 7
fcntl64(7, F_GETFD) = 0
fcntl64(7, F_SETFD, FD_CLOEXEC) = 0
fchown32(7, 0, -1) = 0
fchown32(7, -1, 4004) = 0
fchmod(7, 0640) = 0
time(NULL) = 1169749211
time(NULL) = 1169749211
open("/var/log/messages", O_WRONLY|O_NONBLOCK|O_APPEND|O_CREAT|O_NOCTTY|O_LARGEFILE, 0600) = 9
fcntl64(9, F_GETFD) = 0
fcntl64(9, F_SETFD, FD_CLOEXEC) = 0
fchown32(9, 0, -1) = 0
fchown32(9, -1, 0) = 0
fchmod(9, 0600) = 0
time(NULL) = 1169749211
gettimeofday({1169749211, 285329}, NULL) = 0
poll([{fd=8, events=POLLOUT, revents=POLLOUT}, {fd=7, events=POLLOUT, revents=POLLOUT}, {fd=9, events=POLLOUT, revents=POLLOUT}, {fd=3, events=POLLIN}, {fd=4, events=POLLIN}, {fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 7, 29993) = 3
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
write(8, "Jan 25 13:20:11 secmgmt-cs01 sys"..., 86) = 86
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
write(7, "Jan 25 13:20:11 secmgmt-cs01 sys"..., 86) = 86
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
write(9, "Jan 25 13:20:11 secmgmt-cs01 sys"..., 86) = 86
gettimeofday({1169749211, 286551}, NULL) = 0
poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}, {fd=5, events=POLLIN, revents=POLLIN}, {fd=6, events=POLLIN}], 4, 29992) = 1
gettimeofday({1169749212, 468893}, NULL) = 0
recvfrom(5, "<22>sendmail[4718]: l0PIKCEu0047"..., 8192, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("10.200.1.5")}, [16]) = 158
gettimeofday({1169749212, 469141}, NULL) = 0
time(NULL) = 1169749212
stat64("/etc/hosts", {st_mode=S_IFREG|0644, st_size=1272, ...}) = 0
open("/etc/hosts", O_RDONLY) = 10
fstat64(10, {st_mode=S_IFREG|0644, st_size=1272, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fba000
read(10, "# Do not remove the following li"..., 4096) = 1272
read(10, "", 4096) = 0
close(10) = 0
munmap(0xb7fba000, 4096) = 0
time(NULL) = 1169749212
gettimeofday({1169749212, 470017}, NULL) = 0
time(NULL) = 1169749212
time(NULL) = 1169749212
recvfrom(5, 0x89d4ba0, 8192, 0, 0xbff52b20, 0xbff52b1c) = -1 EAGAIN (Resource temporarily unavailable)
gettimeofday({1169749212, 470300}, NULL) = 0
poll([{fd=8, events=POLLOUT, revents=POLLOUT}, {fd=7, events=POLLOUT, revents=POLLOUT}, {fd=3, events=POLLIN}, {fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 6, 28808) = 2
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
write(8, "Jan 25 13:20:12 secmgmt-cs02 sen"..., 184) = 184
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
write(7, "Jan 25 13:20:12 secmgmt-cs02 sen"..., 184) = 184
gettimeofday({1169749212, 470861}, NULL) = 0
poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN, revents=POLLIN}], 4, 28808) = 1
gettimeofday({1169749212, 564612}, NULL) = 0
recvfrom(5, "<22>sendmail[4721]: l0PIKC3n0047"..., 8192, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("10.200.1.5")}, [16]) = 218
gettimeofday({1169749212, 564842}, NULL) = 0
time(NULL) = 1169749212
stat64("/etc/hosts", {st_mode=S_IFREG|0644, st_size=1272, ...}) = 0
open("/etc/hosts", O_RDONLY) = 10
fstat64(10, {st_mode=S_IFREG|0644, st_size=1272, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fba000
read(10, "# Do not remove the following li"..., 4096) = 1272
read(10, "", 4096) = 0
close(10) = 0
munmap(0xb7fba000, 4096) = 0
time(NULL) = 1169749212
gettimeofday({1169749212, 565617}, NULL) = 0
time(NULL) = 1169749212
time(NULL) = 1169749212
recvfrom(5, 0x89d4ba0, 8192, 0, 0xbff52b20, 0xbff52b1c) = -1 EAGAIN (Resource temporarily unavailable)
gettimeofday({1169749212, 565877}, NULL) = 0
poll([{fd=8, events=POLLOUT, revents=POLLOUT}, {fd=7, events=POLLOUT, revents=POLLOUT}, {fd=3, events=POLLIN}, {fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 6, 28713) = 2
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
write(8, "Jan 25 13:20:12 secmgmt-cs02 sen"..., 244) = 244
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
write(7, "Jan 25 13:20:12 secmgmt-cs02 sen"..., 244) = 244
gettimeofday({1169749212, 566387}, NULL) = 0
poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN, revents=POLLIN}], 4, 28712) = 1
gettimeofday({1169749212, 633688}, NULL) = 0
recvfrom(5, "<22>sendmail[4718]: l0PIKCEu0047"..., 8192, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("10.200.1.5")}, [16]) = 239
gettimeofday({1169749212, 633886}, NULL) = 0
time(NULL) = 1169749212
stat64("/etc/hosts", {st_mode=S_IFREG|0644, st_size=1272, ...}) = 0
open("/etc/hosts", O_RDONLY) = 10
fstat64(10, {st_mode=S_IFREG|0644, st_size=1272, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fba000
read(10, "# Do not remove the following li"..., 4096) = 1272
read(10, "", 4096) = 0
close(10) = 0
munmap(0xb7fba000, 4096) = 0
time(NULL) = 1169749212
gettimeofday({1169749212, 634696}, NULL) = 0
time(NULL) = 1169749212
time(NULL) = 1169749212
recvfrom(5, 0x89d4ba0, 8192, 0, 0xbff52b20, 0xbff52b1c) = -1 EAGAIN (Resource temporarily unavailable)
gettimeofday({1169749212, 634946}, NULL) = 0
poll([{fd=8, events=POLLOUT}, {fd=7, events=POLLOUT, revents=POLLOUT}, {fd=3, events=POLLIN}, {fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 6, 28644) = 1
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
write(7, "Jan 25 13:20:12 secmgmt-cs02 sen"..., 265) = 265
gettimeofday({1169749212, 635312}, NULL) = 0
poll([{fd=8, events=POLLOUT, revents=POLLOUT}, {fd=3, events=POLLIN}, {fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 5, 28643) = 1
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
write(8, "Jan 25 13:20:12 secmgmt-cs02 sen"..., 265) = 265
gettimeofday({1169749212, 659789}, NULL) = 0
poll([{fd=3, events=POLLIN, revents=POLLIN}, {fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 4, 28619) = 1
gettimeofday({1169749212, 730974}, NULL) = 0
accept(3, {sa_family=AF_FILE, path="??H*??&?�� �"}, [2]) = 10
fcntl64(10, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(10, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl64(10, F_GETFD) = 0
fcntl64(10, F_SETFD, FD_CLOEXEC) = 0
gettimeofday({1169749212, 731618}, NULL) = 0
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}, {fd=10, events=POLLIN, revents=POLLIN}, {fd=3, events=POLLIN}], 5, 28547) = 1
gettimeofday({1169749212, 731913}, NULL) = 0
read(10, "<22>Jan 25 13:20:12 sendmail[305"..., 8192) = 249
read(10, 0x89d8971, 7943) = -1 EAGAIN (Resource temporarily unavailable)
gettimeofday({1169749212, 732186}, NULL) = 0
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN, revents=POLLIN}, {fd=3, events=POLLIN}, {fd=10, events=POLLIN}], 5, 28546) = 1
gettimeofday({1169749212, 733119}, NULL) = 0
recvfrom(5, "<22>sendmail[4723]: l0PIKC3n0047"..., 8192, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("10.200.1.5")}, [16]) = 296
gettimeofday({1169749212, 733336}, NULL) = 0
time(NULL) = 1169749212
stat64("/etc/hosts", {st_mode=S_IFREG|0644, st_size=1272, ...}) = 0
open("/etc/hosts", O_RDONLY) = 11
fstat64(11, {st_mode=S_IFREG|0644, st_size=1272, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fba000
read(11, "# Do not remove the following li"..., 4096) = 1272
read(11, "", 4096) = 0
close(11) = 0
munmap(0xb7fba000, 4096) = 0
time(NULL) = 1169749212
gettimeofday({1169749212, 735472}, NULL) = 0
time(NULL) = 1169749212
time(NULL) = 1169749212
recvfrom(5, 0x89d4ba0, 8192, 0, 0xbff52b20, 0xbff52b1c) = -1 EAGAIN (Resource temporarily unavailable)
gettimeofday({1169749212, 735828}, NULL) = 0
poll([{fd=7, events=POLLOUT, revents=POLLOUT}, {fd=8, events=POLLOUT, revents=POLLOUT}, {fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=3, events=POLLIN}, {fd=10, events=POLLIN}, {fd=5, events=POLLIN}], 7, 28543) = 2
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
write(8, "Jan 25 13:20:12 secmgmt-cs02 sen"..., 322) = 322
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
write(7, "Jan 25 13:20:12 secmgmt-cs02 sen"..., 322) = 322
gettimeofday({1169749212, 736450}, NULL) = 0
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=3, events=POLLIN}, {fd=10, events=POLLIN, revents=POLLIN}, {fd=5, events=POLLIN}], 5, 28542) = 1
gettimeofday({1169749212, 748503}, NULL) = 0
read(10, "<22>Jan 25 13:20:12 sendmail[305"..., 7943) = 171
gettimeofday({1169749212, 748676}, NULL) = 0
time(NULL) = 1169749212
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
gettimeofday({1169749212, 748997}, NULL) = 0
time(NULL) = 1169749212
time(NULL) = 1169749212
time(NULL) = 1169749212
open("/var/log/maillog", O_WRONLY|O_NONBLOCK|O_APPEND|O_CREAT|O_NOCTTY|O_LARGEFILE, 0600) = 11
fcntl64(11, F_GETFD) = 0
fcntl64(11, F_SETFD, FD_CLOEXEC) = 0
fchown32(11, 0, -1) = 0
fchown32(11, -1, 0) = 0
fchmod(11, 0600) = 0
time(NULL) = 1169749212
read(10, 0x89d8878, 8192) = -1 EAGAIN (Resource temporarily unavailable)
gettimeofday({1169749212, 749732}, NULL) = 0
poll([{fd=8, events=POLLOUT}, {fd=7, events=POLLOUT, revents=POLLOUT}, {fd=11, events=POLLOUT, revents=POLLOUT}, {fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=10, events=POLLIN}], 8, 28529) = 2
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
write(7, "Jan 25 13:20:12 secmgmt-cs01 sen"..., 429) = 429
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
write(11, "Jan 25 13:20:12 secmgmt-cs01 sen"..., 429) = 429
gettimeofday({1169749212, 750268}, NULL) = 0
poll([{fd=8, events=POLLOUT, revents=POLLOUT}, {fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=10, events=POLLIN}], 6, 28528) = 1
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
write(8, "Jan 25 13:20:12 secmgmt-cs01 sen"..., 429) = 429
gettimeofday({1169749212, 761124}, NULL) = 0
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=10, events=POLLIN, revents=POLLIN|POLLHUP}], 5, 28517) = 1
gettimeofday({1169749212, 775603}, NULL) = 0
read(10, "", 8192) = 0
close(10) = 0
gettimeofday({1169749212, 775817}, NULL) = 0
poll(
More information about the syslog-ng
mailing list