syslog marking sendmail output as "kernel:"

Tuc at T-B-O-H.NET ml at t-b-o-h.net
Tue Oct 16 18:23:49 PDT 2007 

> > I understand there isn't a problem with the first one, but then its 
> > logging
> > the second as a "kernel:" entry. My syslog.conf is :
> >
> > *.err;kern.debug;auth.notice;mail.crit          /dev/console
> > *.emerg                                         *
> > *.debug                                         /var/log/spool
> >
> > Is there a way to stop that second entry? It keeps tripping my syslog
> > monitoring program.
> 
> What release are you running?  (Show the output of uname -a)
>
	Its a 5.3 system....
> 
> It's just a formatting issue.
> 
> > Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): 
> > <snip>
> > Oct 16 00:00:25 valhalla kernel: <added newline>
> > Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): 
> > <snip>
> 
> There must be somewhere in the kernel where we're writing to the syslog with 
> an empty error string.  The syslog routines expect a newline-terminated 
> character string, so the lack of a newline causes the next entry to be on 
> the same line as the (non-existant) kernel message.
> 
> The trouble will be tracking this down.
> 
	But look at it again...

Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): collect: I/O error on connection from dsl-189-133-2-240.prod-infinitum.com.mx, from=<roberto at geocities.com>
Oct 16 00:02:32 valhalla kernel: Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): collect: I/O error on connection from dsl-189-133-2-240.prod-infinitum.com.mx, from=<roberto at geocities.com>

	I didn't wrap the lines this time. 

	Its the SAME message. Once normal, ONCE logged as "kernel". I would believe
something is KNOWINGLY outputting it twice. If it was 2 DIFFERENT messages, I
could see it was completely a lack of new line issue. But why would it log
the sm-mta output, then *something* part log a kernel message, THEN re-log
out the sm-mta message?

	I tried to tcpdump port 514 to see if I can see sendmail doing it, but
it looks like since its on the local machine it might be using syslogs char
special device.  How would I debug that (Short of running syslog in debug
mode)

		Thanks, Tuc

More information about the freebsd-questions mailing list