SYSERR creating 2 syslog messages, one "kernel:"

Hi,

Using 8.13.1 (And seen in 8.14.1) Whenever we see a sendmail "SYSERR"
logged, it comes
twice, once as normal, and once as a kernel message :

Oct 21 13:54:11 valhalla sm-mta[8720]: l9LHsA7M008720: SYSERR(root):
collect: I/O error on connection from p5B20C7BF.dip.t-dialin.net,
from=
Oct 21 13:54:11 valhalla kernel: Oct 21 13:54:11 valhalla sm-
mta[8720]: l9LHsA7M008720: SYSERR(root): collect: I/O error on
connection from p5B20C7BF.dip.t-dialin.net, from=

My syslog.conf looks like :

*.err;kern.debug;auth.notice;mail.crit /dev/console
*.emerg *
*.debug /var/log/spool

and in debug it is seeing (For a different message, but same
situation)

logmsg: pri 22, flags 0, from valhalla, msg Oct 16 21:29:00 sm-
mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on
connection from [61.177.142.218],
from=
Logging to CONSOLE /dev/console
Logging to FILE /var/log/spool
logmsg: pri 166, flags 17, from valhalla, msg Oct 16 21:29:00 valhalla
sm-mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on
connection from [61.17
7.142.218], from=^M
Logging to FILE /var/log/spool

Is there something I configured wrong in sendmail/syslog? Since syslog
sees 2 messages,
one pri 22, flags 0 and one pri 166 flags 17, it would seem sendmail
is sending it twice.

Thanks, Tuc

Re: SYSERR creating 2 syslog messages, one "kernel:"

In article <1192989518.711342.259990@q3g2000prf.googlegroups.com>,
Tuc wrote:

> Hi,
>
> Using 8.13.1 (And seen in 8.14.1) Whenever we see a sendmail "SYSERR"
> logged, it comes
> twice, once as normal, and once as a kernel message :
>
> Oct 21 13:54:11 valhalla sm-mta[8720]: l9LHsA7M008720: SYSERR(root):
> collect: I/O error on connection from p5B20C7BF.dip.t-dialin.net,
> from=
> Oct 21 13:54:11 valhalla kernel: Oct 21 13:54:11 valhalla sm-
> mta[8720]: l9LHsA7M008720: SYSERR(root): collect: I/O error on
> connection from p5B20C7BF.dip.t-dialin.net, from=
>
> My syslog.conf looks like :
>
> *.err;kern.debug;auth.notice;mail.crit /dev/console
> *.emerg *
> *.debug /var/log/spool
>
> and in debug it is seeing (For a different message, but same
> situation)
>
> logmsg: pri 22, flags 0, from valhalla, msg Oct 16 21:29:00 sm-
> mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on
> connection from [61.177.142.218],
> from=
> Logging to CONSOLE /dev/console
> Logging to FILE /var/log/spool
> logmsg: pri 166, flags 17, from valhalla, msg Oct 16 21:29:00 valhalla
> sm-mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on
> connection from [61.17
> 7.142.218], from=^M
> Logging to FILE /var/log/spool
>
> Is there something I configured wrong in sendmail/syslog? Since syslog
> sees 2 messages,
> one pri 22, flags 0 and one pri 166 flags 17, it would seem sendmail
> is sending it twice.

It looks very likely that you have something looped in your syslog setup
so that the message to the console is getting read and sent back to
syslog with a new facility+priority. The second message is not being
sent by Sendmail, but by something that is recycling console messages
back into syslog.

--
Now where did I hide that website...

Re: SYSERR creating 2 syslog messages, one "kernel:"

On Oct 21, 3:51 pm, Bill Cole wrote:
> In article <1192989518.711342.259...@q3g2000prf.googlegroups.com>,
>
>
>
> Tuc wrote:
> > Hi,
>
> > Using 8.13.1 (And seen in 8.14.1) Whenever we see a sendmail "SYSERR"
> > logged, it comes
> > twice, once as normal, and once as a kernel message :
>
> > Oct 21 13:54:11 valhalla sm-mta[8720]: l9LHsA7M008720: SYSERR(root):
> > collect: I/O error on connection from p5B20C7BF.dip.t-dialin.net,
> > from=
> > Oct 21 13:54:11 valhalla kernel: Oct 21 13:54:11 valhalla sm-
> > mta[8720]: l9LHsA7M008720: SYSERR(root): collect: I/O error on
> > connection from p5B20C7BF.dip.t-dialin.net, from=
>
> > My syslog.conf looks like :
>
> > *.err;kern.debug;auth.notice;mail.crit /dev/console
> > *.emerg *
> > *.debug /var/log/spool
>
> > and in debug it is seeing (For a different message, but same
> > situation)
>
> > logmsg: pri 22, flags 0, from valhalla, msg Oct 16 21:29:00 sm-
> > mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on
> > connection from [61.177.142.218],
> > from=
> > Logging to CONSOLE /dev/console
> > Logging to FILE /var/log/spool
> > logmsg: pri 166, flags 17, from valhalla, msg Oct 16 21:29:00 valhalla
> > sm-mta[31804]: l9H1Srwd031804: SYSERR(root): collect: I/O error on
> > connection from [61.17
> > 7.142.218], from=^M
> > Logging to FILE /var/log/spool
>
> > Is there something I configured wrong in sendmail/syslog? Since syslog
> > sees 2 messages,
> > one pri 22, flags 0 and one pri 166 flags 17, it would seem sendmail
> > is sending it twice.
>
> It looks very likely that you have something looped in your syslog setup
> so that the message to the console is getting read and sent back to
> syslog with a new facility+priority. The second message is not being
> sent by Sendmail, but by something that is recycling console messages
> back into syslog.
>
> --
> Now where did I hide that website...


I've tried the following test :

valhalla# logger -p user.err USER.ERR
valhalla# grep "USER.ERR" /var/log/spool
Oct 21 16:01:51 valhalla tuc: USER.ERR
Oct 21 16:01:51 valhalla kernel: Oct 21 16:01:51 valhalla tuc:
USER.ERR

valhalla# logger -p KERN.DEBUG KERN.DEBUG
valhalla# grep "KERN.DEBUG" /var/log/spool
Oct 21 16:03:23 valhalla tuc: KERN.DEBUG

valhalla# logger -p AUTH.NOTICE AUTH.NOTICE
valhalla# grep "AUTH.NOTICE" /var/log/spool
Oct 21 16:04:19 valhalla tuc: AUTH.NOTICE
Oct 21 16:04:19 valhalla kernel: Oct 21 16:04:19 valhalla tuc:
AUTH.NOTICE

valhalla# logger -p MAIL.CRIT MAIL.CRIT
valhalla# grep "MAIL.CRIT" /var/log/spool
Oct 21 16:05:12 valhalla tuc: MAIL.CRIT
Oct 21 16:05:12 valhalla kernel: Oct 21 16:05:12 valhalla tuc:
MAIL.CRIT

Thats pretty weird... This is FreeBSD syslog, will have to look at how
they
handle things, since my entire syslog.conf is :

*.err;kern.debug;auth.notice;mail.crit /dev/console
*.emerg *
*.debug /var/log/spool

What facility does sendmail log the "SYSERR" type messages? Is it
mail.crit, or mail.err?

Thanks, Tuc