[syslog-ng] concatenated sendmail messages

Fran Loehmann fran at ft.necoxmail.com
Fri Jan 26 18:11:27 CET 2007


On Fri, 26 Jan 2007, Balazs Scheidler wrote:

> On Thu, 2007-01-25 at 14:18 -0500, Fran Loehmann wrote:
> > Hi,
> > 
> > I am new to syslog-ng and have set up a system using
> > eventlog-0.2.5 and syslog-ng-2.0.1
> > 
> > Local sendmail messages seem to have 2 entries together. I am
> > not sure if something is awry with the config included below,
> > but it seems to only happen with the sendmail entries from
> > sendmail running on the log host. 
> > 
> > I am trying to write messages to both /var/log/maillog and
> > /var/log/archive/2007-01-25. Messages logged from the sending
> > server seem ok but sendmail running on they log server appear to
> > be on the same line seperated by <22>. 
> > 
> > Messages in maillog and 2007-01-25 look the same.
> 
> can you strace sendmail (or syslog-ng) as it sends/receives a log
> message?
> 
> on unix-stream transport syslog-ng expects messages to be NL or NUL
> terminated.

In addition to my previous post with the syslog-ng strace
output I've attached what seems to be the relevant file from a
sendmail strace. (I am uncertain if you need all of the strace)

Seeing the following in the strace... 
connect(3, {sa_family=AF_FILE, path="/dev/log"}, 16) = -1 EPROTOTYPE (Protocol wrong type for socket)

... I changed unix-stream("/dev/log"); to unix-dgram("/dev/log");
and the message appears as expected in the log.

Thanks,
Fran

-------------- next part --------------
close(5)                                = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM], [ALRM CHLD], 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [CHLD], [CHLD], 8) = 0
rt_sigaction(SIGCHLD, {SIG_DFL}, {0x487813, [], SA_RESTORER|SA_RESTART, 0x197898}, 8) = 0
rt_sigaction(SIGHUP, {SIG_DFL}, {0x4c2799, [], SA_RESTORER|SA_RESTART, 0x197898}, 8) = 0
rt_sigaction(SIGTERM, {0x47a577, [], SA_RESTORER|SA_RESTART, 0x197898}, {0x4c26e7, [], SA_RESTORER|SA_RESTART, 0x197898}, 8) = 0
close(4)                                = 0
rt_sigaction(SIGCHLD, {0x487813, [], SA_RESTORER|SA_RESTART, 0x197898}, {SIG_DFL}, 8) = 0
close(8)                                = 0
read(7, "", 1)                          = 0
close(7)                                = 0
open("/etc/hosts", O_RDONLY)            = 4
fcntl64(4, F_GETFD)                     = 0
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=1093, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f5b000
read(4, "# Do not remove the following li"..., 4096) = 1093
close(4)                                = 0
munmap(0xb7f5b000, 4096)                = 0
fcntl64(6, F_GETFL)                     = 0x2 (flags O_RDWR)
dup(6)                                  = 4
fcntl64(4, F_GETFL)                     = 0x2 (flags O_RDWR)
getsockname(6, {sa_family=AF_INET, sin_port=htons(25), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
open("/etc/hosts", O_RDONLY)            = 5
fcntl64(5, F_GETFD)                     = 0
fcntl64(5, F_SETFD, FD_CLOEXEC)         = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=1093, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f5b000
read(5, "# Do not remove the following li"..., 4096) = 1093
close(5)                                = 0
munmap(0xb7f5b000, 4096)                = 0
getegid32()                             = 51
setgroups32(1, [51])                    = 0
ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbff6aac8) = -1 EINVAL (Invalid argument)
getpeername(6, {sa_family=AF_INET, sin_port=htons(32839), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
open("/etc/hosts", O_RDONLY)            = 5
fcntl64(5, F_GETFD)                     = 0
fcntl64(5, F_SETFD, FD_CLOEXEC)         = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=1093, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f5b000
read(5, "# Do not remove the following li"..., 4096) = 1093
close(5)                                = 0
munmap(0xb7f5b000, 4096)                = 0
time(NULL)                              = 1169824762
time(NULL)                              = 1169824762
open("/proc/loadavg", O_RDONLY)         = 5
fstat64(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
read(5, "0.00 0.00 0.00 1/59 13129\n", 1024) = 26
close(5)                                = 0
time(NULL)                              = 1169824762
stat64("/etc/mail/access.db", {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
lstat64("/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
geteuid32()                             = 0
lstat64("/etc", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0
geteuid32()                             = 0
lstat64("/etc/mail", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
geteuid32()                             = 0
open("/etc/mail/access.db", O_RDONLY)   = 5
fstat64(5, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(5, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
open("/etc/mtab", O_RDONLY)             = 7
fstat64(7, {st_mode=S_IFREG|0644, st_size=494, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f5b000
read(7, "/dev/mapper/vg00-root / ext3 rw "..., 4096) = 494
close(7)                                = 0
munmap(0xb7f5b000, 4096)                = 0
open("/proc/stat", O_RDONLY)            = 7
fstat64(7, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f5b000
read(7, "cpu  3294 93 3065 30873203 10784"..., 1024) = 700
read(7, "", 1024)                       = 0
close(7)                                = 0
munmap(0xb7f5b000, 4096)                = 0
stat64("/etc/mail/access.db", {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
open("/etc/mail/access.db", O_RDONLY|O_LARGEFILE) = 7
fcntl64(7, F_SETFD, FD_CLOEXEC)         = 0
read(7, "\0\0\0\0\1\0\0\0\0\0\0\0a\25\6\0\10\0\0\0\0\20\0\0\0\10"..., 512) = 512
stat64("DB_CONFIG", 0xbff5af40)         = -1 ENOENT (No such file or directory)
open("DB_CONFIG", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
stat64("/var/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=4096, ...}) = 0
brk(0x9e08000)                          = 0x9e08000
stat64("__db.002", 0xbff5afd0)          = -1 ENOENT (No such file or directory)
mmap2(NULL, 282624, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f07000
open("/etc/mail/access.db", O_RDONLY|O_LARGEFILE) = 8
fcntl64(8, F_SETFD, FD_CLOEXEC)         = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
pread64(8, "\0\0\0\0\1\0\0\0\0\0\0\0a\25\6\0\10\0\0\0\0\20\0\0\0\10"..., 4096, 0) = 4096
close(5)                                = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
pread64(8, "\0\0\0\0\1\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0\4\0\340\17\0\2"..., 4096, 8192) = 4096
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
open("/etc/hosts.allow", O_RDONLY)      = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=161, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f06000
read(5, "#\n# hosts.allow\tThis file descri"..., 4096) = 161
read(5, "", 4096)                       = 0
close(5)                                = 0
munmap(0xb7f06000, 4096)                = 0
open("/etc/hosts.deny", O_RDONLY)       = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=347, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f06000
read(5, "#\n# hosts.deny\tThis file describ"..., 4096) = 347
read(5, "", 4096)                       = 0
close(5)                                = 0
munmap(0xb7f06000, 4096)                = 0
dup2(4, 1)                              = 1
time(NULL)                              = 1169824762
time(NULL)                              = 1169824762
open("/proc/loadavg", O_RDONLY)         = 5
fstat64(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
read(5, "0.00 0.00 0.00 1/59 13129\n", 1024) = 26
close(5)                                = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
pread64(8, "\0\0\0\0\1\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\2\0\344\17\0\2"..., 4096, 4096) = 4096
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
getpeername(6, {sa_family=AF_INET, sin_port=htons(32839), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
getsockname(6, {sa_family=AF_INET, sin_port=htons(25), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
fstat64(4, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
fcntl64(6, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(6, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
fstat64(6, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
select(7, [6], NULL, NULL, {0, 0})      = 0 (Timeout)
write(4, "220 secmgmt-cs02.secmgmt.pvt ESM"..., 92) = 92
read(6, 0x9deb078, 1024)                = -1 EAGAIN (Resource temporarily unavailable)
gettimeofday({1169824762, 147546}, NULL) = 0
select(7, [6], NULL, [6], {3600, 0})    = 1 (in [6], left {3600, 0})
gettimeofday({1169824762, 147685}, NULL) = 0
read(6, "EHLO secmgmt-cs02.secmgmt.pvt\r\n", 1024) = 31
fcntl64(4, F_GETFL)                     = 0x802 (flags O_RDWR|O_NONBLOCK)
fcntl64(4, F_SETFL, O_RDWR)             = 0
fcntl64(6, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(6, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
select(7, [6], NULL, NULL, {0, 0})      = 0 (Timeout)
write(4, "250-secmgmt-cs02.secmgmt.pvt Hel"..., 218) = 218
read(6, 0x9deb078, 1024)                = -1 EAGAIN (Resource temporarily unavailable)
gettimeofday({1169824762, 148291}, NULL) = 0
select(7, [6], NULL, [6], {3600, 0})    = 1 (in [6], left {3600, 0})
gettimeofday({1169824762, 148432}, NULL) = 0
read(6, "MAIL From:<root at secmgmt-cs02.sec"..., 1024) = 86
time(NULL)                              = 1169824762
time(NULL)                              = 1169824762
stat64("/etc/mail/service.switch", 0xbff5c70c) = -1 ENOENT (No such file or directory)
lstat64("/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
geteuid32()                             = 0
lstat64("/etc", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0
geteuid32()                             = 0
lstat64("/etc/mail", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
geteuid32()                             = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 5
connect(5, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.200.1.4")}, 28) = 0
fcntl64(5, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(5, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
gettimeofday({1169824762, 149870}, NULL) = 0
poll([{fd=5, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
send(5, "\212h\1\0\0\1\0\0\0\0\0\0\fsecmgmt-cs02\7secmgm"..., 42, MSG_NOSIGNAL) = 42
poll([{fd=5, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
recvfrom(5, "\212h\205\200\0\1\0\1\0\1\0\1\fsecmgmt-cs02\7secmgm"..., 8192, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.200.1.4")}, [16]) = 101
close(5)                                = 0
stat64("/etc/mail/virtusertable.db", {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
lstat64("/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
geteuid32()                             = 0
lstat64("/etc", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0
geteuid32()                             = 0
lstat64("/etc/mail", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
geteuid32()                             = 0
open("/etc/mail/virtusertable.db", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(5, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
open("/etc/mtab", O_RDONLY)             = 9
fstat64(9, {st_mode=S_IFREG|0644, st_size=494, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f06000
read(9, "/dev/mapper/vg00-root / ext3 rw "..., 4096) = 494
close(9)                                = 0
munmap(0xb7f06000, 4096)                = 0
open("/proc/stat", O_RDONLY)            = 9
fstat64(9, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f06000
read(9, "cpu  3294 93 3067 30873204 10784"..., 1024) = 700
read(9, "", 1024)                       = 0
close(9)                                = 0
munmap(0xb7f06000, 4096)                = 0
stat64("/etc/mail/virtusertable.db", {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
open("/etc/mail/virtusertable.db", O_RDONLY|O_LARGEFILE) = 9
fcntl64(9, F_SETFD, FD_CLOEXEC)         = 0
read(9, "\0\0\0\0\1\0\0\0\0\0\0\0a\25\6\0\10\0\0\0\0\20\0\0\0\10"..., 512) = 512
stat64("DB_CONFIG", 0xbff5e370)         = -1 ENOENT (No such file or directory)
open("DB_CONFIG", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
stat64("/var/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=4096, ...}) = 0
stat64("__db.002", 0xbff5e400)          = -1 ENOENT (No such file or directory)
mmap2(NULL, 282624, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ec2000
open("/etc/mail/virtusertable.db", O_RDONLY|O_LARGEFILE) = 10
fcntl64(10, F_SETFD, FD_CLOEXEC)        = 0
fstat64(10, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
pread64(10, "\0\0\0\0\1\0\0\0\0\0\0\0a\25\6\0\10\0\0\0\0\20\0\0\0\10"..., 4096, 0) = 4096
close(5)                                = 0
fstat64(10, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fstat64(10, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(10, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(10, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
pread64(10, "\0\0\0\0\1\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\20\0\2\0"..., 4096, 8192) = 4096
fcntl64(10, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(10, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(10, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(10, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
open("/etc/mtab", O_RDONLY)             = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=494, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ec1000
read(5, "/dev/mapper/vg00-root / ext3 rw "..., 4096) = 494
close(5)                                = 0
munmap(0xb7ec1000, 4096)                = 0
open("/proc/stat", O_RDONLY)            = 5
fstat64(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ec1000
read(5, "cpu  3294 93 3067 30873205 10784"..., 1024) = 700
read(5, "", 1024)                       = 0
close(5)                                = 0
munmap(0xb7ec1000, 4096)                = 0
stat64("/etc/mail/userdb.db", 0xbff658e0) = -1 ENOENT (No such file or directory)
open("/etc/passwd", O_RDONLY)           = 5
fcntl64(5, F_GETFD)                     = 0
fcntl64(5, F_SETFD, FD_CLOEXEC)         = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=2256, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ec1000
read(5, "root:x:0:0:secmgmt-cs02 admin:/r"..., 4096) = 2256
close(5)                                = 0
munmap(0xb7ec1000, 4096)                = 0
time(NULL)                              = 1169824762
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
time(NULL)                              = 1169824762
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
time(NULL)                              = 1169824762
fcntl64(4, F_GETFL)                     = 0x802 (flags O_RDWR|O_NONBLOCK)
fcntl64(4, F_SETFL, O_RDWR)             = 0
fcntl64(6, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(6, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
select(7, [6], NULL, NULL, {0, 0})      = 0 (Timeout)
write(4, "250 2.1.0 <root at secmgmt-cs02.sec"..., 56) = 56
read(6, "RCPT To:<loehmanf at secmgmt-cs02.s"..., 1024) = 51
time(NULL)                              = 1169824762
fcntl64(10, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(10, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(10, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(10, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(10, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(10, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
time(NULL)                              = 1169824762
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(8, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
time(NULL)                              = 1169824762
stat64("/etc/aliases.db", {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
lstat64("/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
geteuid32()                             = 0
lstat64("/etc", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0
geteuid32()                             = 0
open("/etc/aliases.db", O_RDONLY)       = 5
fstat64(5, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(5, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
open("/etc/mtab", O_RDONLY)             = 11
fstat64(11, {st_mode=S_IFREG|0644, st_size=494, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ec1000
read(11, "/dev/mapper/vg00-root / ext3 rw "..., 4096) = 494
close(11)                               = 0
munmap(0xb7ec1000, 4096)                = 0
open("/proc/stat", O_RDONLY)            = 11
fstat64(11, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ec1000
read(11, "cpu  3294 93 3068 30873206 10784"..., 1024) = 700
read(11, "", 1024)                      = 0
close(11)                               = 0
munmap(0xb7ec1000, 4096)                = 0
stat64("/etc/aliases.db", {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
open("/etc/aliases.db", O_RDONLY|O_LARGEFILE) = 11
fcntl64(11, F_SETFD, FD_CLOEXEC)        = 0
read(11, "\0\0\0\0\1\0\0\0\0\0\0\0a\25\6\0\10\0\0\0\0\20\0\0\0\10"..., 512) = 512
stat64("DB_CONFIG", 0xbff64760)         = -1 ENOENT (No such file or directory)
open("DB_CONFIG", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
stat64("/var/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=4096, ...}) = 0
stat64("__db.002", 0xbff647f0)          = -1 ENOENT (No such file or directory)
mmap2(NULL, 282624, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e7d000
open("/etc/aliases.db", O_RDONLY|O_LARGEFILE) = 12
fcntl64(12, F_SETFD, FD_CLOEXEC)        = 0
fstat64(12, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
pread64(12, "\0\0\0\0\1\0\0\0\0\0\0\0a\25\6\0\10\0\0\0\0\20\0\0\0\10"..., 4096, 0) = 4096
close(5)                                = 0
fstat64(12, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fstat64(12, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
time(NULL)                              = 1169824762
fcntl64(12, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(12, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
pread64(12, "\0\0\0\0\1\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0V\0\207\r\0\2\364"..., 4096, 4096) = 4096
fcntl64(12, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
stat64("/etc/aliases", {st_mode=S_IFREG|0644, st_size=1636, ...}) = 0
stat64("/etc/aliases.db", {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(12, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(12, {st_mode=S_IFREG|0640, st_size=12288, ...}) = 0
fcntl64(12, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
open("/etc/passwd", O_RDONLY)           = 5
fcntl64(5, F_GETFD)                     = 0
fcntl64(5, F_SETFD, FD_CLOEXEC)         = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=2256, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e7c000
read(5, "root:x:0:0:secmgmt-cs02 admin:/r"..., 4096) = 2256
close(5)                                = 0
munmap(0xb7e7c000, 4096)                = 0
open("/etc/shells", O_RDONLY)           = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=115, ...}) = 0
read(5, "/bin/sh\n/bin/bash\n/sbin/nologin\n"..., 4096) = 115
close(5)                                = 0
umask(0)                                = 022
umask(022)                              = 0
stat64("./xfl0QFJMKA013129", 0xbff6878c) = -1 ENOENT (No such file or directory)
time(NULL)                              = 1169824762
time(NULL)                              = 1169824762
time(NULL)                              = 1169824762
open("/proc/loadavg", O_RDONLY)         = 5
fstat64(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
read(5, "0.00 0.00 0.00 1/59 13129\n", 1024) = 26
close(5)                                = 0
fcntl64(4, F_GETFL)                     = 0x802 (flags O_RDWR|O_NONBLOCK)
fcntl64(4, F_SETFL, O_RDWR)             = 0
fcntl64(6, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(6, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
select(7, [6], NULL, NULL, {0, 0})      = 0 (Timeout)
write(4, "250 2.1.5 <loehmanf at secmgmt-cs02"..., 113) = 113
read(6, "Received: (from root at localhost)\r"..., 1024) = 388
time(NULL)                              = 1169824762
umask(0)                                = 022
umask(022)                              = 0
stat64("./dfl0QFJMKA013129", 0xbff67dfc) = -1 ENOENT (No such file or directory)
select(7, [6], NULL, NULL, {0, 0})      = 0 (Timeout)
read(6, 0x9deb078, 1024)                = -1 EAGAIN (Resource temporarily unavailable)
gettimeofday({1169824762, 173982}, NULL) = 0
select(7, [6], NULL, [6], {3600, 0})    = 1 (in [6], left {3599, 961000})
gettimeofday({1169824762, 212959}, NULL) = 0
read(6, ".\r\n", 1024)                  = 3
stat64("./dfl0QFJMKA013129", 0xbff67fcc) = -1 ENOENT (No such file or directory)
umask(0)                                = 022
stat64("./dfl0QFJMKA013129", 0xbff66dfc) = -1 ENOENT (No such file or directory)
lstat64(".", {st_mode=S_IFDIR|0700, st_size=12288, ...}) = 0
geteuid32()                             = 0
stat64(".", {st_mode=S_IFDIR|0700, st_size=12288, ...}) = 0
open("./dfl0QFJMKA013129", O_RDWR|O_CREAT|O_EXCL, 0600) = 5
fstat64(5, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
fcntl64(5, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0
umask(022)                              = 0
lseek(5, 0, SEEK_SET)                   = 0
write(5, "Fri Jan 26 10:19:22 EST 2007\n", 29) = 29
fsync(5)                                = 0
close(5)                                = 0
time(NULL)                              = 1169824762
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
send(3, "<22>Jan 26 10:19:22 sendmail[131"..., 234, MSG_NOSIGNAL) = -1 ENOTCONN (Transport endpoint is not connected)
close(3)                                = 0
socket(PF_FILE, SOCK_DGRAM, 0)          = 3
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"}, 16) = -1 EPROTOTYPE (Protocol wrong type for socket)
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"}, 16) = 0
send(3, "<22>Jan 26 10:19:22 sendmail[131"..., 234, MSG_NOSIGNAL) = 234
open("./dfl0QFJMKA013129", O_RDONLY)    = 5
open("./qfl0QFJMKA013129", O_WRONLY|O_CREAT|O_EXCL, 0600) = 13
fcntl64(13, F_SETLK, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(13, F_GETFL)                    = 0x1 (flags O_WRONLY)
fstat64(13, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
write(13, "V8\nT1169824762\nK0\nN0\nP30379\nFbs\n"..., 885) = 885
fsync(13)                               = 0
fcntl64(4, F_GETFL)                     = 0x802 (flags O_RDWR|O_NONBLOCK)
fcntl64(4, F_SETFL, O_RDWR)             = 0
open("/proc/loadavg", O_RDONLY)         = 14
fstat64(14, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
read(14, "0.00 0.00 0.00 1/59 13129\n", 1024) = 26
close(14)                               = 0
close(5)                                = 0
close(13)                               = 0
unlink("./xfl0QFJMKA013129")            = -1 ENOENT (No such file or directory)
write(4, "250 2.0.0 l0QFJMKA013129 Message"..., 56) = 56
close(11)                               = 0
close(12)                               = 0
munmap(0xb7e7d000, 282624)              = 0
close(7)                                = 0
close(8)                                = 0
munmap(0xb7f07000, 282624)              = 0
close(9)                                = 0
close(10)                               = 0
munmap(0xb7ec2000, 282624)              = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f4c928) = 13130
time(NULL) = 1169824762
fcntl64(6, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(6, F_SETFL, O_RDWR|O_NONBLOCK) = 0
select(7, [6], NULL, NULL, {0, 0}) = 0 (Timeout)
read(6, 0x9deb078, 1024)                = -1 EAGAIN (Resource temporarily unavailable)
gettimeofday({1169824762, 258459}, NULL) = 0
select(7, [6], NULL, [6], {3600, 0})                               = 1 (in [6], left {3599, 975000})
gettimeofday({1169824762, 284077}, NULL) = 0
read(6, "QUIT\r\n", 1024)               = 6
fcntl64(4, F_GETFL)                     = 0x802 (flags O_RDWR|O_NONBLOCK)
fcntl64(4, F_SETFL, O_RDWR)             = 0
write(4, "221 2.0.0 secmgmt-cs02.secmgmt.p"..., 55) = 55
rt_sigaction(SIGINT, {SIG_IGN}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_IGN}, {SIG_IGN}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, [ALRM], [], 8) = 0
time(NULL)                              = 1169824762
rt_sigaction(SIGALRM, {0x504e6d, [], SA_RESTORER|SA_RESTART, 0x197898}, {0x504e6d, [], SA_RESTORER|SA_RESTART, 0x197898}, 8) = 0
alarm(1178)                             = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM], [ALRM], 8) = 0
close(6)                                = 0
rt_sigprocmask(SIG_BLOCK, [ALRM], [], 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM], [ALRM], 8) = 0
kill(13129, SIGALRM)                    = 0
--- SIGALRM (Alarm clock) @ 0 (0) ---
alarm(0)                                = 1178
time(NULL)                              = 1169824762
time(NULL)                              = 1169824762
sigreturn()                             = ? (mask now [])
close(0)                                = 0
open("/dev/null", O_RDONLY)             = 0
close(4)                                = 0
open("/dev/null", O_WRONLY)             = 4
dup2(4, 1)                              = 1
dup2(4, 2)                              = 2
close(4)                                = 0
alarm(0)                                = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM], [], 8) = 0
time(NULL)                              = 1169824762
lstat64("/var/log/mail/statistics", {st_mode=S_IFREG|0600, st_size=728, ...}) = 0
lstat64("/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
geteuid32()                             = 0
lstat64("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
geteuid32()                             = 0
lstat64("/var/log", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
geteuid32()                             = 0
lstat64("/var/log/mail", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
geteuid32()                             = 0
open("/var/log/mail/statistics", O_RDWR) = 4
fstat64(4, {st_mode=S_IFREG|0600, st_size=728, ...}) = 0
fcntl64(4, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(4, {st_mode=S_IFREG|0600, st_size=728, ...}) = 0
read(4, "\336\261\1\0\4\0\0\0\f\7\255E\330\2\0\0\206\0\0\0D\0\0"..., 728) = 728
lseek(4, 0, SEEK_SET)                   = 0
write(4, "\336\261\1\0\4\0\0\0\f\7\255E\330\2\0\0\207\0\0\0D\0\0"..., 728) = 728
close(4)                                = 0
time(NULL)                              = 1169824762
time(NULL)                              = 1169824762
unlink("./dfl0QFJMKB013129")            = -1 ENOENT (No such file or directory)
unlink("./qfl0QFJMKB013129")            = -1 ENOENT (No such file or directory)
unlink("./xfl0QFJMKB013129")            = -1 ENOENT (No such file or directory)
setuid32(0)                             = 0
exit_group(0)                           = ?


More information about the syslog-ng mailing list