Date:      Tue, 16 Oct 2007 21:23:42 -0400 (EDT)
From:      "Tuc at T-B-O-H.NET" <ml@t-b-o-h.net>
To:        matt@gsicomp.on.ca (Matt Emmerton)
Cc:        "Tuc at T-B-O-H.NET" <ml@t-b-o-h.net>, freebsd-questions@freebsd.org
Subject:   Re: syslog marking sendmail output as "kernel:"
Message-ID:  <200710170123.l9H1NgfR093351@himinbjorg.tucs-beachin-obx-house.com>
In-Reply-To: <00e501c81059$4baa60d0$1200a8c0@hermes>

> > I understand there isn't a problem with the first one, but then it's
> > logging the second as a "kernel:" entry. My syslog.conf is :
> >
> > *.err;kern.debug;auth.notice;mail.crit          /dev/console
> > *.emerg                                         *
> > *.debug                                         /var/log/spool
> >
> > Is there a way to stop that second entry? It keeps tripping my syslog
> > monitoring program.
> 
> What release are you running?  (Show the output of uname -a)
>
	It's a 5.3 system....
> 
> It's just a formatting issue.
> 
> > Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): 
> > <snip>
> > Oct 16 00:00:25 valhalla kernel: <added newline>
> > Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): 
> > <snip>
> 
> There must be somewhere in the kernel where we're writing to the syslog with 
> an empty error string.  The syslog routines expect a newline-terminated 
> character string, so the lack of a newline causes the next entry to be on 
> the same line as the (nonexistent) kernel message.
> 
> The trouble will be tracking this down.
> 
	But look at it again...

Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): collect: I/O error on connection from dsl-189-133-2-240.prod-infinitum.com.mx, from=<roberto@geocities.com>
Oct 16 00:02:32 valhalla kernel: Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): collect: I/O error on connection from dsl-189-133-2-240.prod-infinitum.com.mx, from=<roberto@geocities.com>

	I didn't wrap the lines this time. 

	It's the SAME message. Once normal, ONCE logged as "kernel". I would believe
something is KNOWINGLY outputting it twice. If it was 2 DIFFERENT messages, I
could see it was completely a lack of new line issue. But why would it log
the sm-mta output, then *something* part log a kernel message, THEN re-log
out the sm-mta message?

	I tried to tcpdump port 514 to see if I can see sendmail doing it, but
it looks like since it's on the local machine it might be using syslog's char
special device.  How would I debug that (short of running syslog in debug
mode)?

		Thanks, Tuc
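
An added example, not part of the original message: a pre-filter for a syslog monitoring program that recognises the two kernel: patterns quoted in this thread (an empty entry, and a kernel: entry whose payload repeats a complete line just logged) so that only the original line raises an alert. The function names, the five-line window and the sample lines are assumptions constructed for illustration.

```python
import re

# BSD syslog line: "Mmm dd hh:mm:ss host tag: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): ?(?P<msg>.*)$"
)

# Constructed sample, modelled on the entries quoted in the message.
ORIGINAL = ("Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: "
            "SYSERR(root): collect: I/O error on connection from host.example.net")
SAMPLE = [
    ORIGINAL,
    "Oct 16 00:02:32 valhalla kernel: " + ORIGINAL,  # re-logged copy
    "Oct 16 00:02:40 valhalla kernel: ",             # empty kernel entry
    "Oct 16 00:03:01 valhalla kernel: em0: link state changed to DOWN",
]


def parse(line):
    """Split one syslog line into ts/host/tag/msg, or return None."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def classify(lines, window=5):
    """Label each line 'normal', 'kernel-echo' or 'kernel-empty'.

    An echo is a kernel: entry whose payload is a complete syslog line
    identical to one of the previous `window` lines.
    """
    recent, out = [], []
    for raw in lines:
        line = raw.rstrip("\n")
        rec = parse(line)
        label = "normal"
        if rec and rec["tag"] == "kernel":
            if not rec["msg"].strip():
                label = "kernel-empty"
            elif parse(rec["msg"]) and rec["msg"] in recent:
                label = "kernel-echo"
        out.append((label, line))
        recent = (recent + [line])[-window:]
    return out


def for_monitor(lines):
    """Return only the lines a monitor should still alert on."""
    return [line for label, line in classify(lines) if label == "normal"]
```

A kernel: entry is suppressed only when its payload exactly matches a recently seen line, so genuine kernel messages still reach the monitor.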


