[syslog-ng] Syslog-ng on Solaris 9 problem

Elgin Lorenz lorenz at tu-cottbus.de
Fri Oct 29 17:10:11 CEST 2010


Balazs Scheidler wrote:
> On Fri, 2010-10-22 at 12:35 +0200, Elgin Lorenz wrote:
>> Balazs Scheidler wrote:
>>> On Thu, 2010-10-21 at 13:51 +0200, Elgin Lorenz wrote:
>>>> Matthew Hall wrote:
>>>>> On Wed, Oct 20, 2010 at 01:40:44PM +0200, Elgin Lorenz wrote:
>>>>>> Thank you for your reply.
>>>>>>
>>>>>> I'm sorry I forgot to mention it's syslog-ng-3.0.4.
>>>>>>
>>>>>> I tried the option you suggested.
>>>>>> It changed the "last message repeated" log entry, this one is correct
>>>>>> now.
>>>>>> The "kernel: kernel: " entry is still wrong.
>>>>>>
>>>>>> The source driver looks like this:
>>>>>>
>>>>>> source s_udp { udp (ip(xxx.xxx.xxx.xxx) port(xxx)
>>>>>> flags(store-legacy-msghdr)); };
>>>>>>
>>>>>> Any other ideas?
>>>>> Could it be you need the same flag set on your other source for the 
>>>>> kernel?
>>>>>
>>>> Thank you for your reply.
>>>>
>>>> I'm afraid I don't know exactly what you mean.
>>>>
>>>> There is only one source driver for remote sources, it is the above
>>>> mentioned.
>>>>
>>>> The only other source driver is the sun-streams driver for Solaris
>>>> messages:
>>>>
>>>> source s_sys { sun-streams ("/dev/log" door("/etc/.syslog_door"));
>>>> internal(); };
>>>>
>>>> It seems to work correctly for all messages.
>>>> Anyway I tried the flag option with this driver, but it doesn't seem to
>>>> accept it, I always get a syntax error.
>>> The question is where those "kernel" messages are coming from? Are those
>>> locally generated or are they coming on the udp source?
>>>
>> They are coming from remote machines on the udp source.
>> Locally generated messages appear correctly.
> 
> But then, those machines probably generate these messages this way in
> the first place. Are they using the same configuration?
> 

The remote machines are configured to store the logs both on their own
system and on the syslog-ng server. The log entries locally stored on
the remote machines are correct. The same log entries delivered to the
syslog-ng server contain the additional entries.

Kind regards,

Elgin Lorenz

-- 
Elgin Lorenz  BTU Cottbus  Universitaetsrechenzentrum
Tel. 0355 693573      E-Mail     lorenz at tu-cottbus.de
