[syslog-ng] Is logger an effective test tool on Solaris 10?
Me
infosec at gmail.com
Wed Jul 21 20:04:07 CEST 2010
If it's really important to actually test filters that capture the
kern facility, send them in over UDP or TCP with telnet or netcat
directly.
http://www.campin.net/syslog-ng/syslog.html#send_manually
You'll just have to work out the decimal equivalent of kern.crit,
which would seem to be 0 for kern, and 2 for crit, so <2> (going off
http://www.faqs.org/rfcs/rfc3164.html).
On Wed, Jul 21, 2010 at 10:48 AM, Patrick H. <syslogng at feystorm.net> wrote:
> http://forums.sun.com/thread.jspa?threadID=5431426
> This seems very relevant. It would appear that solaris wont let anything
> other than the kernel write to the kern facility.
>
> Sent: Wednesday, July 21, 2010 11:36:51 AM
> From: Chuck <chuck.carson at gmail.com>
> To: syslog-ng at lists.balabit.hu
> Subject: [syslog-ng] Is logger an effective test tool on Solaris 10?
>
> I am using the following script to test syslog-ng. (Running this from the
> same machine as the syslog-ng server):
>
> #!/bin/bash
>
> d=`date '+%y%m%d_%H%M%S'`
> logger -p kern.debug "__kern.debug__ $d"
> sleep 1;
>
>
> d=`date '+%y%m%d_%H%M%S'`
> logger -p kern.crit "__kern.crit__ $d"
> sleep 1;
>
> d=`date '+%y%m%d_%H%M%S'`
> logger -p kern.info "__kern.info__ $d"
> sleep 1;
>
> However, here is how the messages are being seen within syslog-ng:
> Jul 21 10:30:35 log01 cars: [ID 702911 user.debug] __kern.debug__
> 100721_103035
> Jul 21 10:30:36 log01 cars: [ID 702911 user.crit] __kern.crit__
> 100721_103036
> Jul 21 10:30:37 log01 cars: [ID 702911 user.info] __kern.info__
> 100721_103037
>
> The facility is being seen as user and not kern...
>
> Anyone have any ideas?
> Thx,
>
> ________________________________
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
>
More information about the syslog-ng
mailing list