syslog marking sendmail output as "kernel:"

Matt Emmerton matt at gsicomp.on.ca
Tue Oct 16 19:49:13 PDT 2007 

>> > I understand there isn't a problem with the first one, but then its
>> > logging
>> > the second as a "kernel:" entry. My syslog.conf is :
>> >
>> > *.err;kern.debug;auth.notice;mail.crit          /dev/console
>> > *.emerg                                         *
>> > *.debug                                         /var/log/spool
>> >
>> > Is there a way to stop that second entry? It keeps tripping my syslog
>> > monitoring program.
>>
>> What release are you running?  (Show the output of uname -a)
>>
> Its a 5.3 system....
>>
>> It's just a formatting issue.
>>
>> > Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root):
>> > <snip>
>> > Oct 16 00:00:25 valhalla kernel: <added newline>
>> > Oct 16 00:00:25 valhalla sm-mta[69206]: l9G40Kf5069206: SYSERR(root):
>> > <snip>
>>
>> There must be somewhere in the kernel where we're writing to the syslog 
>> with
>> an empty error string.  The syslog routines expect a newline-terminated
>> character string, so the lack of a newline causes the next entry to be on
>> the same line as the (non-existant) kernel message.
>>
>> The trouble will be tracking this down.
>>
> But look at it again...
>
> Oct 16 00:02:32 valhalla sm-mta[69570]: l9G42RKM069570: SYSERR(root): 
> collect: I/O error on connection from 
> dsl-189-133-2-240.prod-infinitum.com.mx, from=<roberto at geocities.com>
> Oct 16 00:02:32 valhalla kernel: Oct 16 00:02:32 valhalla sm-mta[69570]: 
> l9G42RKM069570: SYSERR(root): collect: I/O error on connection from 
> dsl-189-133-2-240.prod-infinitum.com.mx, from=<roberto at geocities.com>
>
> I didn't wrap the lines this time.
>
> Its the SAME message. Once normal, ONCE logged as "kernel". I would 
> believe
> something is KNOWINGLY outputting it twice. If it was 2 DIFFERENT 
> messages, I
> could see it was completely a lack of new line issue. But why would it log
> the sm-mta output, then *something* part log a kernel message, THEN re-log
> out the sm-mta message?

Ah, I didn't notice that sm-mta was logging the same message twice.  Note 
that all syslog messages (from the kernel and user programs) are picked up 
by syslogd and logged.  There's nothing preventing kernel and user-mode 
messages from getting interleaved. So assuming that sm-mta is logging the 
same message twice, it's perfectly viable that something from the kernel 
could be stuck in between the two instances from sm-mta.

Regardless, I see two issues:
1) Why is the same sm-mta message getting dumped twice?
2) Why is an empty kernel message getting dumped (which screws up 
formatting?)

Regards,
--
Matt Emmerton

More information about the freebsd-questions mailing list