[syslog-ng] Syslog-ng on Solaris 9 problem

Balazs Scheidler bazsi at balabit.hu
Thu Oct 21 17:12:54 CEST 2010


On Thu, 2010-10-21 at 13:51 +0200, Elgin Lorenz wrote:
> Matthew Hall wrote:
> > On Wed, Oct 20, 2010 at 01:40:44PM +0200, Elgin Lorenz wrote:
> >> Thank you for your reply.
> >>
> >> I'm sorry I forgot to mention it's syslog-ng-3.0.4.
> >>
> >> I tried the option you suggested.
> >> It changed the "last message repeated" log entry, this one is correct
> >> now.
> >> The "kernel: kernel: " entry is still wrong.
> >>
> >> The source driver looks like this:
> >>
> >> source s_udp { udp (ip(xxx.xxx.xxx.xxx) port(xxx)
> >> flags(store-legacy-msghdr)); };
> >>
> >> Any other ideas?
> > 
> > Could it be you need the same flag set on your other source for the 
> > kernel?
> > 
> 
> Thank you for your reply.
> 
> I'm afraid I don't know exactly what you mean.
> 
> There is only one source driver for remote sources, it is the above
> mentioned.
> 
> The only other source driver is the sun-streams driver for Solaris
> messages:
> 
> source s_sys { sun-streams ("/dev/log" door("/etc/.syslog_door"));
> internal(); };
> 
> It seems to work correctly for all messages.
> Anyway I tried the flag option with this driver, but it doesn't seem to
> accept it, I always get a syntax error.

The question is where those "kernel" messages are coming from? Are those
locally generated or are they coming on the udp source?

-- 
Bazsi
