Date: Tue, 16 Oct 2007 21:35:46 -0400 (EDT) From: "Tuc at T-B-O-H.NET" <ml@t-b-o-h.net> To: ml@t-b-o-h.net (Tuc at T-B-O-H.NET) Cc: "Tuc at T-B-O-H.NET" <ml@t-b-o-h.net>, freebsd-questions@freebsd.org Subject: Re: syslog marking sendmail output as "kernel:" Message-ID: <200710170135.l9H1ZkTE093502@himinbjorg.tucs-beachin-obx-house.com> In-Reply-To: <200710170123.l9H1NgfR093351@himinbjorg.tucs-beachin-obx-house.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > It's just a formatting issue. > > > > > Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): > > > <snip> > > > Oct 16 00:00:25 valhalla kernel: <added newline> > > > Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): > > > <snip> > > > > There must be somewhere in the kernel where we're writing to the syslog with > > an empty error string. The syslog routines expect a newline-terminated > > character string, so the lack of a newline causes the next entry to be on > > the same line as the (non-existant) kernel message. > > > > The trouble will be tracking this down. > > > But look at it again... > > Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): collect: I/O error on connection from dsl-189-133-2-240.prod-infinitum.com.mx, from=<roberto@geocities.com> > Oct 16 00:02:32 valhalla kernel: Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): collect: I/O error on connection from dsl-189-133-2-240.prod-infinitum.com.mx, from=<roberto@geocities.com> > > I didn't wrap the lines this time. > > Its the SAME message. Once normal, ONCE logged as "kernel". I would believe > something is KNOWINGLY outputting it twice. If it was 2 DIFFERENT messages, I > could see it was completely a lack of new line issue. But why would it log > the sm-mta output, then *something* part log a kernel message, THEN re-log > out the sm-mta message? > > I tried to tcpdump port 514 to see if I can see sendmail doing it, but > it looks like since its on the local machine it might be using syslogs char > special device. How would I debug that (Short of running syslog in debug > mode) > Sorry to reply to my own message... But I did some debug on syslog. Here is what it sees : logmsg: pri 22, flags 0, from valhalla, msg Oct 16 21:29:00 sm-mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on connection from [61.177.142.218], from=<linboduschmet@bodusch.de>^M Logging to CONSOLE /dev/console^M Logging to FILE /var/log/spool^M logmsg: pri 166, flags 17, from valhalla, msg Oct 16 21:29:00 valhalla sm-mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on connection from [61.177.142.218], from=<linboduschmet@bodusch.de>^M Logging to FILE /var/log/spool^M So something IS sending it twice, once at pri 22, no flags, then once at 166 flags 17. So its not getting something improperly terminated. Its getting the line twice at different pri/flags causing it to prepend the "Oct 16 00:00:25 valhalla kernel:" to the already formatted "Oct 16 21:29:00 valhalla sm-mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on connection from [61.177.142.218], from=<linboduschmet@bodusch.de" Tuc
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200710170135.l9H1ZkTE093502>