[syslog-ng] Syslog-ng on Solaris 9 problem
Elgin Lorenz
lorenz at tu-cottbus.de
Fri Oct 22 12:35:31 CEST 2010
Balazs Scheidler wrote:
> On Thu, 2010-10-21 at 13:51 +0200, Elgin Lorenz wrote:
>> Matthew Hall wrote:
>>> On Wed, Oct 20, 2010 at 01:40:44PM +0200, Elgin Lorenz wrote:
>>>> Thank you for your reply.
>>>>
>>>> I'm sorry I forgot to mention its syslog-ng-3.0.4.
>>>>
>>>> I tried the option you suggestet.
>>>> It changed the "last message repeated" log entry, this one is correct
>>>> now.
>>>> The "kernel: kernel: " entry is still wrong.
>>>>
>>>> The source driver looks like this:
>>>>
>>>> source s_udp { udp (ip(xxx.xxx.xxx.xxx) port(xxx)
>>>> flags(store-legacy-msghdr)); };
>>>>
>>>> Any other ideas?
>>> Could it be you need the same flag set on your other source for the
>>> kernel?
>>>
>> Thank you for your reply.
>>
>> I'm afraid I don't know exactly what you mean.
>>
>> There is only one source driver for remote sources, it is the above
>> mentioned.
>>
>> The only other source driver is the sun-streams driver for Solaris
>> messages:
>>
>> source s_sys { sun-streams ("/dev/log" door("/etc/.syslog_door"));
>> internal(); };
>>
>> It seems to work correctly for all messages.
>> Anyway I tried the flag option with this driver, but is doesn't seem to
>> accept it, I always get a syntax error.
>
> The question is where those "kernel" messages are coming from? Are those
> locally generated or are they coming on the udp source?
>
They are coming from remote machines on the udp source.
Locally generated messages appear correctly.
Kind regards,
Elgin Lorenz
--
Elgin Lorenz BTU Cottbus Universitaetsrechenzentrum
Tel. 0355 693573 E-Mail lorenz at tu-cottbus.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6689 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20101022/ab4575ac/attachment.bin
More information about the syslog-ng
mailing list