Syslog messages sent to loghost more than once

From: Walter Heukels (walterhe@kpn.net)
Date: Fri May 09 2003 - 08:30:24 EDT


I'm having an interesting problem with a remote syslog setup. My
syslog.conf contains the following:

*.info @loghost
*.err @loghost
*.notice @loghost
*.crit @loghost
*.emerg @loghost
*.alert @loghost

I haven't removed any of the default entries, so everything is still being
logged locally, and this works as expected. (I've reproduced the full
syslog.conf below.)

(Yes, those are tabs, and loghost is properly defined (only once) in
/etc/hosts.) If you're wondering why I've listed everything on separate
lines, it's because I ran into even stranger problems when I put them all
on one line.

The funny thing is that some log priorities are sent multiple times to the
loghost. For instance, tcpdump shows the following when I run logger -p
local2.alert "syslog test":

[root@hostname ~]# /opt/sfw/sbin/tcpdump host loghost
tcpdump: listening on eri0
14:19:46.136303 hostname.45851 > loghost.syslog: udp 67 (DF)
14:19:46.136492 hostname.45852 > loghost.syslog: udp 67 (DF)
14:19:46.136634 hostname.45853 > loghost.syslog: udp 67 (DF)
14:19:46.136705 hostname.45854 > loghost.syslog: udp 67 (DF)
14:19:46.137496 hostname.45856 > loghost.syslog: udp 67 (DF)

And indeed the message shows up five times on the loghost.

Priority mail.info works fine, though.

Does anyone have any clue as to what might be causing this? I mean, I can
imagine having inadvertently specified something twice, but five times?

I'm seeing this problem on systems that run both Solaris 8 and 2.6. (The
loghost runs syslog-ng on Solaris 8, but since the messages are obviously
leaving the client multiple times I don't think this is relevant.)

Thanks in advance, I'll summarise.
Walter

The full syslog.conf:

#ident "@(#)syslog.conf 1.5 99/02/03 SMI" /* SunOS 5.0 */
#
# Copyright (c) 1991-1999 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
auth.notice;auth.crit;auth.info /var/log/authlog

*.alert;kern.err;daemon.err operator
*.alert root

*.emerg *

*.info @loghost
*.err @loghost
*.notice @loghost
*.crit @loghost
*.emerg @loghost
*.alert @loghost

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)

#mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)

#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err /dev/sysmsg
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *
)
mail.debug /var/log/syslog
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
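
Added example, not part of the original post: a small evaluator that counts how many of the six "@loghost" lines quoted above select a given message. It assumes classic syslogd selector semantics (a "facility.level" selector covers that level and every more severe one, and each matching line forwards its own copy); the function names are hypothetical.

```python
# Added example: count how many "@loghost" lines select a given message.
# Assumption: classic syslogd semantics, where "facility.level" selects that
# level and every more severe one, and each matching line sends its own copy.

# Severity names ordered from most to least severe.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The six forwarding lines from the post (whitespace normalised to one tab).
FORWARD_RULES = """\
*.info\t@loghost
*.err\t@loghost
*.notice\t@loghost
*.crit\t@loghost
*.emerg\t@loghost
*.alert\t@loghost
"""

def selector_matches(selector, facility, level):
    """True if one 'facility.level' selector covers the message."""
    sel_fac, _, sel_level = selector.partition(".")
    if sel_level not in LEVELS:  # e.g. "none" or a malformed selector
        return False
    if sel_fac != "*" and facility not in sel_fac.split(","):
        return False
    # Lower index means more severe; the selector covers its own level and up.
    return LEVELS.index(level) <= LEVELS.index(sel_level)

def matching_lines(conf, facility, level, action="@loghost"):
    """Return the config lines with the given action that select the message."""
    hits = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # selector field, then action field
        if len(parts) != 2 or parts[1].strip() != action:
            continue
        # A line matches if any of its ';'-separated selectors matches
        # ("none" exclusions are not modelled in this simplified version).
        if any(selector_matches(s, facility, level) for s in parts[0].split(";")):
            hits.append(line)
    return hits

if __name__ == "__main__":
    for fac, lvl in [("local2", "alert"), ("mail", "info")]:
        print(f"{fac}.{lvl}: {len(matching_lines(FORWARD_RULES, fac, lvl))} line(s)")
```

Under that assumption, local2.alert is selected by five of the six lines and mail.info by one, which agrees with the tcpdump capture and the mail.info observation in the post.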


