Here's one of the weirdest things I've come up against in quite a
while ...
Recently, I decided to send all our syslog info (from all of our
machines) to a central loghost machine, in addition to the local
logfiles. So my syslog.conf looks like this:
kern.debug;[...];local3.debug _at_loghost
kern.debug /var/log/syslog/kern.log
user.debug /var/log/syslog/user.log
mail.debug /var/log/syslog/mail.log
daemon.debug /var/log/syslog/daemon.log
auth.debug /var/log/syslog/auth.log
syslog.debug /var/log/syslog/syslog.log
lpr.debug /var/log/syslog/lpr.log
news.debug /var/log/syslog/news.log
uucp.debug /var/log/syslog/uucp.log
local1.debug /var/log/syslog/local1.log
local2.debug /var/log/syslog/local2.log
local3.debug /var/log/syslog/local3.log
[ other stuff ]
... where "[...]" are all those other facility.severity fields
which appear in the lines below, and "[ other stuff ]" differs
on different platforms.
Everything works as expected, in that things get logged where
they should on both the local machine and on loghost, with one
and only one exception:
When sendmail logs an entry from a Digital UNIX system, the log
message goes to the correct place (mail.log) on the local host,
but goes to a seemingly random logfile on loghost! I've found
stuff from sendmail in auth.log, daemon.log, kern.log, lpr.log,
and syslog.log!
When sendmail runs on our IRIX or SunOS systems, sendmail's log
info *always* goes to mail.log on both the local machine and on
loghost. Furthermore, every other program's syslog info always
goes to the correct logfile on both the local host and loghost,
no matter what system it's run on (including Digital UNIX).
My first inclination might be to suspect sendmail, but the fact
that the log entries always go to mail.log on the local machine
and go to the wrong place only on loghost make one suspect that
Digital UNIX is screwing up.
But on the other hand, if I do something like
logger -p mail.somepriority "some test message"
... the message *always* ends up in mail.log on loghost, even in
cases where I do this on a DUnix system. So it seems that this
syslog problem occurs only with messages emitted by sendmail and
only when sendmail is running under Digital UNIX.
Has anyone else encountered anything like this, and/or are there
any guesses as to whether it's a DUnix problem or a sendmail bug
(or, perhaps, bugs in both)?
The details:
-- Digital UNIX 3.2c and 4.0b
-- loghost is a Sparc running SunOS 4.1.4
-- sendmail 8.6.13 (yeah, yeah, I know I should
upgrade to 8.8.8; someday ...)
As usual, many thanks in advance.
PS: DEC's manpage for "logger" is wrong. It describes the "-p"
flag as "-p priority[.facility]", but in fact the correct usage
is "-p facility.priority". The command itself complains if one
uses "-p priority.facility". On the manpage, one example uses
the correct syntax, while another uses the incorrect one. Sigh.
Mark Bartelt 416/978-5619
Canadian Institute for mark_at_cita.utoronto.ca
Theoretical Astrophysics
http://www.cita.utoronto.ca/~mark
"Nur eine Waffel taugt!" -- Parsifal, in an Eggo commercial
Received on Thu Feb 12 1998 - 16:10:18 NZDT