[syslog-ng] Syslog-ng on Solaris 9 problem

Balazs Scheidler bazsi at balabit.hu
Thu Oct 28 17:32:53 CEST 2010


On Fri, 2010-10-22 at 12:35 +0200, Elgin Lorenz wrote:
> Balazs Scheidler wrote:
> > On Thu, 2010-10-21 at 13:51 +0200, Elgin Lorenz wrote:
> >> Matthew Hall wrote:
> >>> On Wed, Oct 20, 2010 at 01:40:44PM +0200, Elgin Lorenz wrote:
> >>>> Thank you for your reply.
> >>>>
> >>>> I'm sorry I forgot to mention it's syslog-ng-3.0.4.
> >>>>
> >>>> I tried the option you suggested.
> >>>> It changed the "last message repeated" log entry, this one is correct
> >>>> now.
> >>>> The "kernel: kernel: " entry is still wrong.
> >>>>
> >>>> The source driver looks like this:
> >>>>
> >>>> source s_udp { udp (ip(xxx.xxx.xxx.xxx) port(xxx)
> >>>> flags(store-legacy-msghdr)); };
> >>>>
> >>>> Any other ideas?
> >>> Could it be you need the same flag set on your other source for the 
> >>> kernel?
> >>>
> >> Thank you for your reply.
> >>
> >> I'm afraid I don't know exactly what you mean.
> >>
> >> There is only one source driver for remote sources, it is the above
> >> mentioned.
> >>
> >> The only other source driver is the sun-streams driver for Solaris
> >> messages:
> >>
> >> source s_sys { sun-streams ("/dev/log" door("/etc/.syslog_door"));
> >> internal(); };
> >>
> >> It seems to work correctly for all messages.
> >> Anyway I tried the flag option with this driver, but it doesn't seem to
> >> accept it, I always get a syntax error.
> > 
> > The question is where those "kernel" messages are coming from? Are those
> > locally generated or are they coming on the udp source?
> > 
> 
> They are coming from remote machines on the udp source.
> Locally generated messages appear correctly.

But then, those machines probably generate these messages this way in
the first place. Are they using the same configuration?

-- 
Bazsi



