From owner-freebsd-questions@FreeBSD.ORG Wed Oct 17 01:23:48 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F22D616A417 for ; Wed, 17 Oct 2007 01:23:48 +0000 (UTC) (envelope-from ml@t-b-o-h.net) Received: from vjofn.tucs-beachin-obx-house.com (vjofn-pt.tunnel.tserv1.fmt.ipv6.he.net [IPv6:2001:470:1f00:ffff::5e5]) by mx1.freebsd.org (Postfix) with ESMTP id 96B5C13C467 for ; Wed, 17 Oct 2007 01:23:48 +0000 (UTC) (envelope-from ml@t-b-o-h.net) Received: from himinbjorg.tucs-beachin-obx-house.com (cpe-68-175-8-11.hvc.res.rr.com [68.175.8.11]) (authenticated bits=0) by vjofn.tucs-beachin-obx-house.com (8.12.9/8.12.9) with ESMTP id l9H1Nl4X019846; Tue, 16 Oct 2007 21:23:47 -0400 (EDT) Received: from himinbjorg.tucs-beachin-obx-house.com (localhost.tucs-beachin-obx-house.com [127.0.0.1]) by himinbjorg.tucs-beachin-obx-house.com (8.13.8/8.13.6) with ESMTP id l9H1Ngr8093353; Tue, 16 Oct 2007 21:23:42 -0400 (EDT) (envelope-from ml@t-b-o-h.net) Received: (from tbohml@localhost) by himinbjorg.tucs-beachin-obx-house.com (8.13.8/8.13.6/Submit) id l9H1NgfR093351; Tue, 16 Oct 2007 21:23:42 -0400 (EDT) (envelope-from tbohml) From: "Tuc at T-B-O-H.NET" Message-Id: <200710170123.l9H1NgfR093351@himinbjorg.tucs-beachin-obx-house.com> To: matt@gsicomp.on.ca (Matt Emmerton) Date: Tue, 16 Oct 2007 21:23:42 -0400 (EDT) In-Reply-To: <00e501c81059$4baa60d0$1200a8c0@hermes> X-Mailer: ELM [version 2.5 PL8] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: "Tuc at T-B-O-H.NET" , freebsd-questions@freebsd.org Subject: Re: syslog marking sendmail output as "kernel:" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Oct 2007 01:23:49 -0000 > > I understand there isn't a problem with the first one, but then its > > logging > > the second as a "kernel:" entry. My syslog.conf is : > > > > *.err;kern.debug;auth.notice;mail.crit /dev/console > > *.emerg * > > *.debug /var/log/spool > > > > Is there a way to stop that second entry? It keeps tripping my syslog > > monitoring program. > > What release are you running? (Show the output of uname -a) > Its a 5.3 system.... > > It's just a formatting issue. > > > Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): > > > > Oct 16 00:00:25 valhalla kernel: > > Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): > > > > There must be somewhere in the kernel where we're writing to the syslog with > an empty error string. The syslog routines expect a newline-terminated > character string, so the lack of a newline causes the next entry to be on > the same line as the (non-existant) kernel message. > > The trouble will be tracking this down. > But look at it again... Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): collect: I/O error on connection from dsl-189-133-2-240.prod-infinitum.com.mx, from= Oct 16 00:02:32 valhalla kernel: Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): collect: I/O error on connection from dsl-189-133-2-240.prod-infinitum.com.mx, from= I didn't wrap the lines this time. Its the SAME message. Once normal, ONCE logged as "kernel". I would believe something is KNOWINGLY outputting it twice. If it was 2 DIFFERENT messages, I could see it was completely a lack of new line issue. But why would it log the sm-mta output, then *something* part log a kernel message, THEN re-log out the sm-mta message? I tried to tcpdump port 514 to see if I can see sendmail doing it, but it looks like since its on the local machine it might be using syslogs char special device. How would I debug that (Short of running syslog in debug mode) Thanks, Tuc