Re: syslog marking sendmail output as kernel:
So something IS sending it twice, once at pri 22, no flags, then once at 166 flags 17. (Unless by some configuration flukeyness its reprocessing the line). So IMHO its not getting something improperly terminated. Its getting the line twice at different pri/flags causing it to prepend the Oct 16 00:00:25 valhalla kernel: to the already formatted Oct 16 21:29:00 valhalla sm-mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on connection from [61.177.142.218], from=[EMAIL PROTECTED] The question is is it because of some weird syslog config, or is it sendmail (8.13.1)? I found the answer, now I just need to know if there is something I can do about. I found out through trail/error/LOTS of Googling that it ISN'T sendmail thats the problem. AND its not syslogd... Its apparently the kernel. On the ARCH list, about a year+1/2 ago, they were talking about things, and PHK made the following comment : Spitting things out on /dev/console today will more likely than not, print stuff on a syscons or serial port which nobody looks at. For that reason, we added a hack to the kernel to make all stuff that went to /dev/console be sent to syslogd(8) So, its the kernel forwarding things BACK to syslogd. Anyone know how to write to the console WITHOUT this happening, or without syslog repeating it? Thanks, Tuc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: syslog marking sendmail output as kernel:
On Oct 16, 2007, at 6:01 PM, Matt Emmerton wrote: There must be somewhere in the kernel where we're writing to the syslog with an empty error string. The syslog routines expect a newline-terminated character string, so the lack of a newline causes the next entry to be on the same line as the (non-existant) kernel message. Actually, syslog should be just fine without getting a trailing newline; from the manpage: The message is identical to a printf(3) format string, except that `%m' is replaced by the current error message. (As denoted by the global variable errno; see strerror(3).) A trailing newline is added if none is present. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: syslog marking sendmail output as kernel:
On Oct 16, 2007, at 6:01 PM, Matt Emmerton wrote: There must be somewhere in the kernel where we're writing to the syslog with an empty error string. The syslog routines expect a newline-terminated character string, so the lack of a newline causes the next entry to be on the same line as the (non-existant) kernel message. Actually, syslog should be just fine without getting a trailing newline; from the manpage: The message is identical to a printf(3) format string, except that `%m' is replaced by the current error message. (As denoted by the global variable errno; see strerror(3).) A trailing newline is added if none is present. Hi Chuck, I'm still not convinced thats the issue. I did a -d on syslog and came up with. With a syslog.conf of : *.err;kern.debug;auth.notice;mail.crit /dev/console *.emerg * *.debug /var/log/spool the syslog is seeing : logmsg: pri 22, flags 0, from valhalla, msg Oct 16 21:29:00 sm-mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on connection from [61.177.142.218], from=[EMAIL PROTECTED]^M Logging to CONSOLE /dev/console^M Logging to FILE /var/log/spool^M logmsg: pri 166, flags 17, from valhalla, msg Oct 16 21:29:00 valhalla sm-mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on connection from [61.177.142.218], from=[EMAIL PROTECTED]^M Logging to FILE /var/log/spool^M So something IS sending it twice, once at pri 22, no flags, then once at 166 flags 17. (Unless by some configuration flukeyness its reprocessing the line). So IMHO its not getting something improperly terminated. Its getting the line twice at different pri/flags causing it to prepend the Oct 16 00:00:25 valhalla kernel: to the already formatted Oct 16 21:29:00 valhalla sm-mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on connection from [61.177.142.218], from=[EMAIL PROTECTED] The question is is it because of some weird syslog config, or is it sendmail (8.13.1)? Thanks, Tuc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
syslog marking sendmail output as kernel:
Hi, I'm seeing in the logs : Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): collect: I /O error on connection from bd0614db.virtua.com.br, from=[EMAIL PROTECTED] om Oct 16 00:00:25 valhalla kernel: Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf 5069206: SYSERR(root): collect: I/O error on connection from bd0614db.virtua.com .br, from=[EMAIL PROTECTED] I understand there isn't a problem with the first one, but then its logging the second as a kernel: entry. My syslog.conf is : *.err;kern.debug;auth.notice;mail.crit /dev/console *.emerg * *.debug /var/log/spool Is there a way to stop that second entry? It keeps tripping my syslog monitoring program. Thanks, Tuc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: syslog marking sendmail output as kernel:
I understand there isn't a problem with the first one, but then its logging the second as a kernel: entry. My syslog.conf is : *.err;kern.debug;auth.notice;mail.crit /dev/console *.emerg * *.debug /var/log/spool Is there a way to stop that second entry? It keeps tripping my syslog monitoring program. What release are you running? (Show the output of uname -a) Its a 5.3 system It's just a formatting issue. Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): snip Oct 16 00:00:25 valhalla kernel: added newline Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): snip There must be somewhere in the kernel where we're writing to the syslog with an empty error string. The syslog routines expect a newline-terminated character string, so the lack of a newline causes the next entry to be on the same line as the (non-existant) kernel message. The trouble will be tracking this down. But look at it again... Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): collect: I/O error on connection from dsl-189-133-2-240.prod-infinitum.com.mx, from=[EMAIL PROTECTED] Oct 16 00:02:32 valhalla kernel: Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): collect: I/O error on connection from dsl-189-133-2-240.prod-infinitum.com.mx, from=[EMAIL PROTECTED] I didn't wrap the lines this time. Its the SAME message. Once normal, ONCE logged as kernel. I would believe something is KNOWINGLY outputting it twice. If it was 2 DIFFERENT messages, I could see it was completely a lack of new line issue. But why would it log the sm-mta output, then *something* part log a kernel message, THEN re-log out the sm-mta message? I tried to tcpdump port 514 to see if I can see sendmail doing it, but it looks like since its on the local machine it might be using syslogs char special device. How would I debug that (Short of running syslog in debug mode) Thanks, Tuc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: syslog marking sendmail output as kernel:
- Original Message - From: Tuc at T-B-O-H.NET [EMAIL PROTECTED] To: freebsd-questions@freebsd.org Sent: Tuesday, October 16, 2007 8:05 PM Subject: syslog marking sendmail output as kernel: Hi, I'm seeing in the logs : Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): collect: I /O error on connection from bd0614db.virtua.com.br, from=[EMAIL PROTECTED] om Oct 16 00:00:25 valhalla kernel: Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf 5069206: SYSERR(root): collect: I/O error on connection from bd0614db.virtua.com .br, from=[EMAIL PROTECTED] I understand there isn't a problem with the first one, but then its logging the second as a kernel: entry. My syslog.conf is : *.err;kern.debug;auth.notice;mail.crit /dev/console *.emerg * *.debug /var/log/spool Is there a way to stop that second entry? It keeps tripping my syslog monitoring program. What release are you running? (Show the output of uname -a) It's just a formatting issue. Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): snip Oct 16 00:00:25 valhalla kernel: added newline Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): snip There must be somewhere in the kernel where we're writing to the syslog with an empty error string. The syslog routines expect a newline-terminated character string, so the lack of a newline causes the next entry to be on the same line as the (non-existant) kernel message. The trouble will be tracking this down. Regards, -- Matt Emmerton ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: syslog marking sendmail output as kernel:
It's just a formatting issue. Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): snip Oct 16 00:00:25 valhalla kernel: added newline Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): snip There must be somewhere in the kernel where we're writing to the syslog with an empty error string. The syslog routines expect a newline-terminated character string, so the lack of a newline causes the next entry to be on the same line as the (non-existant) kernel message. The trouble will be tracking this down. But look at it again... Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): collect: I/O error on connection from dsl-189-133-2-240.prod-infinitum.com.mx, from=[EMAIL PROTECTED] Oct 16 00:02:32 valhalla kernel: Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): collect: I/O error on connection from dsl-189-133-2-240.prod-infinitum.com.mx, from=[EMAIL PROTECTED] I didn't wrap the lines this time. Its the SAME message. Once normal, ONCE logged as kernel. I would believe something is KNOWINGLY outputting it twice. If it was 2 DIFFERENT messages, I could see it was completely a lack of new line issue. But why would it log the sm-mta output, then *something* part log a kernel message, THEN re-log out the sm-mta message? I tried to tcpdump port 514 to see if I can see sendmail doing it, but it looks like since its on the local machine it might be using syslogs char special device. How would I debug that (Short of running syslog in debug mode) Sorry to reply to my own message... But I did some debug on syslog. Here is what it sees : logmsg: pri 22, flags 0, from valhalla, msg Oct 16 21:29:00 sm-mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on connection from [61.177.142.218], from=[EMAIL PROTECTED]^M Logging to CONSOLE /dev/console^M Logging to FILE /var/log/spool^M logmsg: pri 166, flags 17, from valhalla, msg Oct 16 21:29:00 valhalla sm-mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on connection from [61.177.142.218], from=[EMAIL PROTECTED]^M Logging to FILE /var/log/spool^M So something IS sending it twice, once at pri 22, no flags, then once at 166 flags 17. So its not getting something improperly terminated. Its getting the line twice at different pri/flags causing it to prepend the Oct 16 00:00:25 valhalla kernel: to the already formatted Oct 16 21:29:00 valhalla sm-mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on connection from [61.177.142.218], from=[EMAIL PROTECTED] Tuc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: syslog marking sendmail output as kernel:
I understand there isn't a problem with the first one, but then its logging the second as a kernel: entry. My syslog.conf is : *.err;kern.debug;auth.notice;mail.crit /dev/console *.emerg * *.debug /var/log/spool Is there a way to stop that second entry? It keeps tripping my syslog monitoring program. What release are you running? (Show the output of uname -a) Its a 5.3 system It's just a formatting issue. Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): snip Oct 16 00:00:25 valhalla kernel: added newline Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): snip There must be somewhere in the kernel where we're writing to the syslog with an empty error string. The syslog routines expect a newline-terminated character string, so the lack of a newline causes the next entry to be on the same line as the (non-existant) kernel message. The trouble will be tracking this down. But look at it again... Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): collect: I/O error on connection from dsl-189-133-2-240.prod-infinitum.com.mx, from=[EMAIL PROTECTED] Oct 16 00:02:32 valhalla kernel: Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): collect: I/O error on connection from dsl-189-133-2-240.prod-infinitum.com.mx, from=[EMAIL PROTECTED] I didn't wrap the lines this time. Its the SAME message. Once normal, ONCE logged as kernel. I would believe something is KNOWINGLY outputting it twice. If it was 2 DIFFERENT messages, I could see it was completely a lack of new line issue. But why would it log the sm-mta output, then *something* part log a kernel message, THEN re-log out the sm-mta message? Ah, I didn't notice that sm-mta was logging the same message twice. Note that all syslog messages (from the kernel and user programs) are picked up by syslogd and logged. There's nothing preventing kernel and user-mode messages from getting interleaved. So assuming that sm-mta is logging the same message twice, it's perfectly viable that something from the kernel could be stuck in between the two instances from sm-mta. Regardless, I see two issues: 1) Why is the same sm-mta message getting dumped twice? 2) Why is an empty kernel message getting dumped (which screws up formatting?) Regards, -- Matt Emmerton ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
