sendmail log files on solaris 8

Francis J. Lacoste flacoste at logreport.org
Mon Nov 19 17:01:51 CET 2001 

On Mon, Nov 19, 2001 at 01:24:28PM +0100, Joost van Baal wrote:
> Hi Arnaud,
> 
> > email all lr_tag-20011109085638-8029 sendmail2dlf warning skipping line 'Nov
> > 4 03:01:20 imrldmz3 sendmail[5696]: fA421KT05696: SYSERR(root):
> > collect: I/O error on connection from wk9z1.corner.ch,
> > from=<alertmail at gartner.com>: Connection reset by wk9z1.corner.ch': fromline
> > without a
> > size field

This line doesn't generate a warning anymore in the published CVS
snapshot.

> > email all lr_tag-20011109094152-8097 sendmail2dlf warning Lire::Syslog::new:
> > bogus stuff 'Oct 28 23:11:55 imrldmz1 sendmail[790]: [ID ruleset=check_rcpt,
> > arg1=<webmaster at swissflirt.ch>, relay=[195.24.84.165], reject=550 5.7.1
> > <webmaster at swissflirt.ch>... Relaying denied. IP name lookup failed
> > [195.24.84.165]': cannot parse
> 
> This looks like a K-line in your sendmail.cf (a Key File Declaration) in
> the syslog class.  Are you using the Solaris-supplied sendmail?  Or did
> you install and configure sendmail yourself?  Are you using Log Level 9
> (this is set in your sendmail.cf.)?

The ruleset= lines are also taken into account in the snapshot. 

> > As soon as I will have more time I will have a look to your perl script that
> > analyze the log and I hope I will be able to help you.
> 
> The sendmail2dlf script has been greatly improved in latest snapshot, so
> you might want to prefer looking at that one.  And: it handles your
> [ID ...] stamps.

Unfortunately, the code to handle the Solaris 8 syslog tag ([ID ...])
was added after the snapshot was made. I'm attaching the patch you
could apply to all/lib/Syslog.pm to support those stamps.

Thanks for your interest in LogReport, kind Regards,

Francis J. Lacoste

-- 
Francis J. Lacoste              . .           http://www.logreport.org
/^LogReport$/               . .               flacoste at logreport.org
-------------- next part --------------
Index: Syslog.pm
===================================================================
RCS file: /cvsroot/logreport/service/all/lib/Syslog.pm,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- Syslog.pm	2001/11/03 17:20:52	1.16
+++ Syslog.pm	2001/11/18 23:23:01	1.17
@@ -27,7 +27,8 @@
 sub parse {
     my ($self, $line) = @_;
 
-    my( $month, $day, $time, $hostname, $process, $pid, $content ) =
+    my( $month, $day, $time, $hostname, $process, $pid, $id, $facility,
+	$level, $content ) =
       ( $line =~
         m/^
             (\S+)\s+           # $month = month name
@@ -36,6 +37,10 @@
             (\S+)\s+           # $hostname = hostname
             ([^:\[]+)          # $process = process name + PID
             (?:\[(\d+)\])?:\s+ # $pid = pid, could be undef
+            (?:\[ID\s	       # Special Solaris 8 identifier
+	       (\d+)\s	       # ID ?
+	       ([a-z]+)\.([a-z]+) # Facility.loglevel
+	      \]\s+)?
             (.*)               # $content = "the rest" (to be split later)
         $/x
       )
@@ -49,6 +54,9 @@
 	    process  => $process,
 	    content  => $content,
 	    pid	     => $pid,
+	    identifier => $id,
+	    facility => $facility,
+	    level    => $level,
 	   };
 }
 
@@ -118,7 +126,7 @@
 
 =head1 VERSION
 
-$Id: Syslog.pm,v 1.16 2001/11/03 17:20:52 flacoste Exp $
+$Id: Syslog.pm,v 1.17 2001/11/18 23:23:01 flacoste Exp $
 
 =head1 COPYRIGHT
 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.logreport.org/pipermail/questions/attachments/20011119/d82645aa/attachment.bin

More information about the Questions mailing list