syslog-ng-users October 2010 archive

Re: [syslog-ng] Syslog-ng on Solaris 9 problem

From: Elgin Lorenz <lorenz_at_nospam>
Date: Fri Oct 22 2010 - 10:35:31 GMT
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>

Balazs Scheidler wrote:
> On Thu, 2010-10-21 at 13:51 +0200, Elgin Lorenz wrote:
>> Matthew Hall wrote:
>>> On Wed, Oct 20, 2010 at 01:40:44PM +0200, Elgin Lorenz wrote:
>>>> Thank you for your reply.
>>>>
>>>> I'm sorry I forgot to mention it's syslog-ng-3.0.4.
>>>>
>>>> I tried the option you suggested.
>>>> It changed the "last message repeated" log entry, this one is correct
>>>> now.
>>>> The "kernel: kernel: " entry is still wrong.
>>>>
>>>> The source driver looks like this:
>>>>
>>>> source s_udp { udp (ip(xxx.xxx.xxx.xxx) port(xxx)
>>>> flags(store-legacy-msghdr)); };
>>>>
>>>> Any other ideas?
>>> Could it be you need the same flag set on your other source for the
>>> kernel?
>>>
>> Thank you for your reply.
>>
>> I'm afraid I don't know exactly what you mean.
>>
>> There is only one source driver for remote sources, it is the above
>> mentioned.
>>
>> The only other source driver is the sun-streams driver for Solaris
>> messages:
>>
>> source s_sys { sun-streams ("/dev/log" door("/etc/.syslog_door"));
>> internal(); };
>>
>> It seems to work correctly for all messages.
>> Anyway I tried the flag option with this driver, but it doesn't seem to
>> accept it, I always get a syntax error.
>
> The question is where those "kernel" messages are coming from? Are those
> locally generated or are they coming on the udp source?
>

They are coming from remote machines on the udp source.
Locally generated messages appear correctly.

Kind regards,

Elgin Lorenz

-- Elgin Lorenz BTU Cottbus Universitaetsrechenzentrum Tel. 0355 693573 E-Mail lorenz@tu-cottbus.de
