Date: Tue, 16 Oct 2007 22:49:00 -0400 From: "Matt Emmerton" <matt@gsicomp.on.ca> To: <freebsd-questions@freebsd.org> Subject: Re: syslog marking sendmail output as "kernel:" Message-ID: <003801c81068$454bfc30$1200a8c0@hermes> References: <200710170123.l9H1NgfR093351@himinbjorg.tucs-beachin-obx-house.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>> > I understand there isn't a problem with the first one, but then its >> > logging >> > the second as a "kernel:" entry. My syslog.conf is : >> > >> > *.err;kern.debug;auth.notice;mail.crit /dev/console >> > *.emerg * >> > *.debug /var/log/spool >> > >> > Is there a way to stop that second entry? It keeps tripping my syslog >> > monitoring program. >> >> What release are you running? (Show the output of uname -a) >> > Its a 5.3 system.... >> >> It's just a formatting issue. >> >> > Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): >> > <snip> >> > Oct 16 00:00:25 valhalla kernel: <added newline> >> > Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): >> > <snip> >> >> There must be somewhere in the kernel where we're writing to the syslog >> with >> an empty error string. The syslog routines expect a newline-terminated >> character string, so the lack of a newline causes the next entry to be on >> the same line as the (non-existant) kernel message. >> >> The trouble will be tracking this down. >> > But look at it again... > > Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): > collect: I/O error on connection from > dsl-189-133-2-240.prod-infinitum.com.mx, from=<roberto@geocities.com> > Oct 16 00:02:32 valhalla kernel: Oct 16 00:02:32 valhalla sm-mta[69570]: > l9G42RKM069570: SYSERR(root): collect: I/O error on connection from > dsl-189-133-2-240.prod-infinitum.com.mx, from=<roberto@geocities.com> > > I didn't wrap the lines this time. > > Its the SAME message. Once normal, ONCE logged as "kernel". I would > believe > something is KNOWINGLY outputting it twice. If it was 2 DIFFERENT > messages, I > could see it was completely a lack of new line issue. But why would it log > the sm-mta output, then *something* part log a kernel message, THEN re-log > out the sm-mta message? Ah, I didn't notice that sm-mta was logging the same message twice. Note that all syslog messages (from the kernel and user programs) are picked up by syslogd and logged. There's nothing preventing kernel and user-mode messages from getting interleaved. So assuming that sm-mta is logging the same message twice, it's perfectly viable that something from the kernel could be stuck in between the two instances from sm-mta. Regardless, I see two issues: 1) Why is the same sm-mta message getting dumped twice? 2) Why is an empty kernel message getting dumped (which screws up formatting?) Regards, -- Matt Emmerton
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003801c81068$454bfc30$1200a8c0>