[syslog-ng] Syslog-ng on Solaris 9 problem

Elgin Lorenz lorenz at tu-cottbus.de
Wed Oct 20 13:40:44 CEST 2010 

Balazs Scheidler wrote:
> On Mon, 2010-10-18 at 14:41 +0200, Elgin Lorenz wrote:
>> Hello experts,
>>
>> today we switched our syslog-ng server from linux (CentOS 5.5) to a
>> Solaris 9 box. All went well, until I noticed that syslog-ng
>> obviously changes some of the log entries.
>>
>> Here are the 2 examples I noticed:
>>
>> Message on the local host:
>> Oct 18 14:19:15 xxx kernel: IN=eth1 OUT= MAC=xxx SRC=xxx DST=xxx LEN=235
>> TOS=0x00 PREC=0x00 TTL=128 ID=119 PROTO=UDP SPT=138 DPT=138 LEN=215
>>
>> Message on the syslog-ng server:
>> Oct 18 14:19:15 xxx kernel: kernel: IN=eth1 OUT= MAC=xxx SRC=xxx DST=xxx
>> LEN=235 TOS=0x00 PREC=0x00 TTL=128 ID=119 PROTO=UDP SPT=138 DPT=138
>> LEN=215
>>
>> (one "kernel: " added)
>>
>> Message on the local host:
>> Oct 18 14:03:06 xxx last message repeated 2 times
>>
>> Message on the syslog-ng server:
>> Oct 18 14:03:06 xxx last: message repeated 2 times
>>
>> (one ":" added)
>>
>> On Linux I never saw this behaviour.
>> Until now I couldn't find the mistake. What am I doing wrong?
>> Did anyone else see something like this?
>>
>> Thanks in advance for your help.
> 
> I don't know the syslog-ng version, but can you try:
> flags(store-legacy-msghdr) flag on your source?
> 
> 

Thank you for your reply.

I'm sorry I forgot to mention its syslog-ng-3.0.4.

I tried the option you suggestet.
It changed the "last message repeated" log entry, this one is correct
now.
The "kernel: kernel: " entry is still wrong.

The source driver looks like this:

source s_udp { udp (ip(xxx.xxx.xxx.xxx) port(xxx) 
flags(store-legacy-msghdr)); };

Any other ideas?

Thanks in advance.

Kind regards,

Elgin Lorenz

-- 
Elgin Lorenz  BTU Cottbus  Universitaetsrechenzentrum
Tel. 0355 693573      E-Mail     lorenz at tu-cottbus.de

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6689 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20101020/673b0a78/attachment.bin

More information about the syslog-ng mailing list