[logs] Error messages from syslogd

Tina Bird tbird at precision-guesswork.com
Wed Jul 11 09:41:11 PDT 2007


 
> Depends on the type of syslog installed wouldn't it? As in Linux
> syslog would have different error messages than Solaris or AIX or
> Ultrix. My first action would be to look at the source code for the
> open ones... and then do a strings on the non-open ones for some
> guesses.
> 
> Beyond that I do not have anything at the moment.

Yep, they'll be system dependent. That's okay. I can deal with it all by
system - it's just going on a big web page, remember...

I have received a number of responses along these lines, obtained by
grepping the source code or by running strings on the binary. These are far
better than nothing, and I'm grateful for the help, but they miss an
important piece of the picture. Especially in a piece of code as old and,
uh, crufty as syslogd, there's a high likelihood that many of the errors
find themselves at the far ends of code paths that rarely (if ever) get
executed, and therefore those errors never find themselves in the "outside"
world, providing assistance (or confusion) to system administrators
everywhere.

Hence my interest in observational data.

I did scrounge up one more error in my own testbed after I sent my post last
night:

Jun 18 03:05:00 <syslog.err> bettiepage syslogd: sendto: Host is down

which, when I thought about it, is the only error message from syslogd that
I've *ever* seen. Obviously it's actionable, although since this is a
vanilla syslogd running over UDP, I've never quite figured out how it
manages to "know" that the remote host is unavailable...

cheers - tbird
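
Added example, not part of the original post: one way to gather the observational data asked for above is to pull syslogd's own messages out of collected logs and count them per host. The line layout (timestamp, optional `<facility.severity>` tag, host, program) is assumed from the single sample line in the post; every other sample line and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample input; only the first line's text appears in the post.
SAMPLE = """\
Jun 18 03:05:00 <syslog.err> bettiepage syslogd: sendto: Host is down
Jun 18 03:05:02 <auth.info> bettiepage sshd[812]: Accepted publickey for alice
Jun 18 03:06:00 <syslog.err> bettiepage syslogd: sendto: Host is down
Jun 18 03:07:41 <daemon.notice> varga syslogd[99]: restart
Jun 18 03:09:13 <mail.info> varga sendmail[204]: syslogd: not the sender
this line is not syslog formatted
"""

# Assumed layout: "Mon DD HH:MM:SS [<facility.severity>] host prog[pid]: msg"
LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+"
    r"(?:<(?P<facility>\w+)\.(?P<severity>\w+)>\s+)?"
    r"(?P<host>\S+)\s+"
    r"(?P<prog>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s*"
    r"(?P<msg>.*)$"
)


def syslogd_messages(text):
    """Yield parsed records for lines whose program field is syslogd itself.

    Matching on the program field (not a substring search) keeps lines from
    other daemons that merely mention "syslogd" out of the results.
    Unparseable lines are skipped.
    """
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m and m.group("prog") == "syslogd":
            yield m.groupdict()


def tally(text):
    """Count distinct syslogd messages per (host, severity, message)."""
    counts = Counter()
    for rec in syslogd_messages(text):
        counts[(rec["host"], rec["severity"], rec["msg"])] += 1
    return counts


if __name__ == "__main__":
    for (host, sev, msg), n in tally(SAMPLE).most_common():
        print(f"{n:4d}  {host}  {sev}  {msg}")
```
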

