syslog marking sendmail output as "kernel:"

Tuc at T-B-O-H.NET ml at t-b-o-h.net
Tue Oct 16 18:36:01 PDT 2007


> > It's just a formatting issue.
> > 
> > > Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): 
> > > <snip>
> > > Oct 16 00:00:25 valhalla kernel: <added newline>
> > > Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root): 
> > > <snip>
> > 
> > There must be somewhere in the kernel where we're writing to the syslog with 
> > an empty error string.  The syslog routines expect a newline-terminated 
> > character string, so the lack of a newline causes the next entry to be on 
> > the same line as the (non-existant) kernel message.
> > 
> > The trouble will be tracking this down.
> > 
> 	But look at it again...
> 
> Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): collect: I/O error on connection from dsl-189-133-2-240.prod-infinitum.com.mx, from=<roberto at geocities.com>
> Oct 16 00:02:32 valhalla kernel: Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): collect: I/O error on connection from dsl-189-133-2-240.prod-infinitum.com.mx, from=<roberto at geocities.com>
> 
> 	I didn't wrap the lines this time. 
> 
> 	Its the SAME message. Once normal, ONCE logged as "kernel". I would believe
> something is KNOWINGLY outputting it twice. If it was 2 DIFFERENT messages, I
> could see it was completely a lack of new line issue. But why would it log
> the sm-mta output, then *something* part log a kernel message, THEN re-log
> out the sm-mta message?
> 
> 	I tried to tcpdump port 514 to see if I can see sendmail doing it, but
> it looks like since its on the local machine it might be using syslogs char
> special device.  How would I debug that (Short of running syslog in debug
> mode)
> 
	Sorry to reply to my own message... But I did some debug on syslog.
Here is what it sees :

logmsg: pri 22, flags 0, from valhalla, msg Oct 16 21:29:00 sm-mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on connection from [61.177.142.218], from=<linboduschmet at bodusch.de>^M
Logging to CONSOLE /dev/console^M
Logging to FILE /var/log/spool^M
logmsg: pri 166, flags 17, from valhalla, msg Oct 16 21:29:00 valhalla sm-mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on connection from [61.177.142.218], from=<linboduschmet at bodusch.de>^M
Logging to FILE /var/log/spool^M


	So something IS sending it twice, once at pri 22, no flags, then once
at 166 flags 17. So its not getting something improperly terminated. Its
getting the line twice at different pri/flags causing it to prepend the
"Oct 16 00:00:25 valhalla kernel:" to the already formatted 
"Oct 16 21:29:00 valhalla sm-mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on connection from [61.177.142.218], from=<linboduschmet at bodusch.de"

			Tuc


More information about the freebsd-questions mailing list