[syslog-ng] Syslog-ng on Solaris 9 problem
Balazs Scheidler
bazsi at balabit.hu
Tue Oct 19 16:53:00 CEST 2010
On Mon, 2010-10-18 at 14:41 +0200, Elgin Lorenz wrote:
> Hello experts,
>
> today we switched our syslog-ng server from linux (CentOS 5.5) to a
> Solaris 9 box. All went well, until I noticed that syslog-ng
> obviously changes some of the log entries.
>
> Here are the 2 examples I noticed:
>
> Message on the local host:
> Oct 18 14:19:15 xxx kernel: IN=eth1 OUT= MAC=xxx SRC=xxx DST=xxx LEN=235
> TOS=0x00 PREC=0x00 TTL=128 ID=119 PROTO=UDP SPT=138 DPT=138 LEN=215
>
> Message on the syslog-ng server:
> Oct 18 14:19:15 xxx kernel: kernel: IN=eth1 OUT= MAC=xxx SRC=xxx DST=xxx
> LEN=235 TOS=0x00 PREC=0x00 TTL=128 ID=119 PROTO=UDP SPT=138 DPT=138
> LEN=215
>
> (one "kernel: " added)
>
> Message on the local host:
> Oct 18 14:03:06 xxx last message repeated 2 times
>
> Message on the syslog-ng server:
> Oct 18 14:03:06 xxx last: message repeated 2 times
>
> (one ":" added)
>
> On Linux I never saw this behaviour.
> Until now I couldn't find the mistake. What am I doing wrong?
> Did anyone else see something like this?
>
> Thanks in advance for your help.
I don't know the syslog-ng version, but can you try:
flags(store-legacy-msghdr) flag on your source?
--
Bazsi
More information about the syslog-ng
mailing list