From owner-freebsd-questions@FreeBSD.ORG Wed Oct 17 02:49:13 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5E34216A468 for ; Wed, 17 Oct 2007 02:49:13 +0000 (UTC) (envelope-from matt@gsicomp.on.ca) Received: from daisy2.compar.com (daisy2.compar.com [216.208.38.133]) by mx1.freebsd.org (Postfix) with ESMTP id 08FF613C480 for ; Wed, 17 Oct 2007 02:49:12 +0000 (UTC) (envelope-from matt@gsicomp.on.ca) Received: from localhost (localhost.compar.com [127.0.0.1]) by daisy2.compar.com (Postfix) with ESMTP id D567813C43C for ; Tue, 16 Oct 2007 22:49:11 -0400 (EDT) X-Virus-Scanned: amavisd-new at compar.com Received: from unknown by localhost (amavisd-new, unix socket) id 9Fb39CiRl9oV for ; Tue, 16 Oct 2007 22:49:02 -0400 (EDT) Received: from penelope.gsicomp.on.ca (CPE00062566c7bb-CM0011e6ede298.cpe.net.cable.rogers.com [99.236.43.116]) by daisy2.compar.com (Postfix) with ESMTP id 078FA13C42C for ; Tue, 16 Oct 2007 22:49:01 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by penelope.gsicomp.on.ca (Postfix) with ESMTP id 17CCA11450 for ; Tue, 16 Oct 2007 23:12:27 -0400 (EDT) X-Virus-Scanned: amavisd-new at gsicomp.on.ca Received: from unknown by localhost (amavisd-new, unix socket) id sl+VIJnQCd-p for ; Tue, 16 Oct 2007 23:12:24 -0400 (EDT) Received: from hermes (hermes.gsicomp.on.ca [192.168.0.18]) by penelope.gsicomp.on.ca (Postfix) with SMTP id 1C48E11436 for ; Tue, 16 Oct 2007 23:12:23 -0400 (EDT) Message-ID: <003801c81068$454bfc30$1200a8c0@hermes> From: "Matt Emmerton" To: References: <200710170123.l9H1NgfR093351@himinbjorg.tucs-beachin-obx-house.com> Date: Tue, 16 Oct 2007 22:49:00 -0400 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3138 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 Subject: Re: syslog marking sendmail output as "kernel:" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Oct 2007 02:49:13 -0000 >> > I understand there isn't a problem with the first one, but then its >> > logging >> > the second as a "kernel:" entry. My syslog.conf is : >> > >> > *.err;kern.debug;auth.notice;mail.crit /dev/console >> > *.emerg * >> > *.debug /var/log/spool >> > >> > Is there a way to stop that second entry? It keeps tripping my syslog >> > monitoring program. >> >> What release are you running? (Show the output of uname -a) >> > Its a 5.3 system.... >> >> It's just a formatting issue. >> >> > Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): >> > >> > Oct 16 00:00:25 valhalla kernel: >> > Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): >> > >> >> There must be somewhere in the kernel where we're writing to the syslog >> with >> an empty error string. The syslog routines expect a newline-terminated >> character string, so the lack of a newline causes the next entry to be on >> the same line as the (non-existant) kernel message. >> >> The trouble will be tracking this down. >> > But look at it again... > > Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): > collect: I/O error on connection from > dsl-189-133-2-240.prod-infinitum.com.mx, from= > Oct 16 00:02:32 valhalla kernel: Oct 16 00:02:32 valhalla sm-mta[69570]: > l9G42RKM069570: SYSERR(root): collect: I/O error on connection from > dsl-189-133-2-240.prod-infinitum.com.mx, from= > > I didn't wrap the lines this time. > > Its the SAME message. Once normal, ONCE logged as "kernel". I would > believe > something is KNOWINGLY outputting it twice. If it was 2 DIFFERENT > messages, I > could see it was completely a lack of new line issue. But why would it log > the sm-mta output, then *something* part log a kernel message, THEN re-log > out the sm-mta message? Ah, I didn't notice that sm-mta was logging the same message twice. Note that all syslog messages (from the kernel and user programs) are picked up by syslogd and logged. There's nothing preventing kernel and user-mode messages from getting interleaved. So assuming that sm-mta is logging the same message twice, it's perfectly viable that something from the kernel could be stuck in between the two instances from sm-mta. Regardless, I see two issues: 1) Why is the same sm-mta message getting dumped twice? 2) Why is an empty kernel message getting dumped (which screws up formatting?) Regards, -- Matt Emmerton