Re: Very strange syslogd behavior

From: Martin Schulze (joey@infodrom.org)
Date: Wed Jan 28 2004 - 08:56:16 CET


Ross Vandegrift wrote:
> On Mon, Jan 26, 2004 at 10:28:14PM +0100, Martin Schulze wrote:
> > Could you run tcpdump / ethereal on the log host using port 514/udp
> > to ensure that messages from the hosts you are missing are indeed
> > sent to the log host and just not processed by syslogd?
>
> Ok, I've done some more snooping and I think I can verify that the
> problem is somewhere in syslogd. I found a piece of software called
> passlogd - it's a passive syslogger that receives messages by sniffing
> the local network for udp/514 traffic.
>
> I installed it on my loghost, and after sending an email, it sniffed out
> the following message:
>
> Tue Jan 27 16:51:31 2004 146.145.147.188 to 146.145.147.149: <22> sm-mta[8325]:
> i0RLpUAP008323: to=<ross@lug.udel.edu>, delay=00:00:01, xdelay=00:00:01,
> mailer=esmtp, pri=120503, relay=mail.lug.udel.edu. [128.175.60.112],
> dsn=2.0.0, stat=Sent (ok 1075240289 qp 16347)
>
> 146.145.147.188 is hedge, the mail relay. 146.145.147.149 is
> sequoia, the logging host.
>
> Looking in the mail.log for the latest message:
>
> sequoia:/var/log/mail# grep hedge mail.log | tail -n 1
> Jan 27 16:17:54 hedge sendmail[7581]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168
>
> Looks like the most recent message from hedge processed by syslogd was
> 35 minutes ago. So at this point I'm sure that messages are being sent
> out by sendmail, that they're being sent to the correct loghost, and
> that the loghost is configured to receive them.

What about syslogd -d as I described?

Where does mail.info <22> get logged?

Regards,

        Joey

-- 
GNU GPL: "The source will be with you... always."
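As an added illustration of the question above (example code, not from the thread or from sysklogd), the block decodes the `<22>` PRI that passlogd captured into its facility and severity, then works out which syslog.conf actions would accept such a message under sysklogd's selector rules. The syslog.conf fragment is constructed, and the rarer `!level` exclusion syntax is not modelled.

```python
import re

# RFC 3164 encodes PRI = facility * 8 + severity; keywords follow sysklogd's syslog.conf(5).
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
               "cron", "authpriv", "ftp"] + ["facility%d" % n for n in range(12, 16)]
              + ["local%d" % n for n in range(8)])       # 12-15 have no sysklogd keyword
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg", "security": "auth"}

# Constructed inputs: the datagram is the one passlogd captured in the thread; the
# syslog.conf fragment is invented for illustration, not the loghost's real config.
CAPTURED = ("Tue Jan 27 16:51:31 2004 146.145.147.188 to 146.145.147.149: "
            "<22> sm-mta[8325]: i0RLpUAP008323: to=<ross@lug.udel.edu>, stat=Sent")
SAMPLE_CONF = """mail.*                            -/var/log/mail.log
mail.info                         -/var/log/mail/mail.info
mail.warn                         -/var/log/mail/mail.warn
*.*;auth,authpriv.none;mail.none  -/var/log/syslog
"""

def decode_pri(line):
    """Map the first <PRI> field of a raw syslog datagram to (facility, severity)."""
    m = re.search(r"<(\d{1,3})>", line)
    pri = int(m.group(1)) if m else 192
    if pri > 191:
        raise ValueError("no valid <PRI> field in line")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def _sev(name): return SEVERITIES.index(ALIASES.get(name, name))  # accept sysklogd aliases

def matching_actions(conf, facility, severity):
    """Return the action of every syslog.conf line whose selectors accept the message."""
    sev, actions = _sev(severity), []
    for raw in filter(None, (ln.split("#", 1)[0].strip() for ln in conf.splitlines())):
        selectors, action = re.split(r"\s+", raw, maxsplit=1)
        allowed = {f: set() for f in FACILITIES}     # severity mask per facility
        for sel in selectors.split(";"):             # later selectors override earlier ones
            facs, level = sel.rsplit(".", 1)
            targets = FACILITIES if facs == "*" else [ALIASES.get(f, f) for f in facs.split(",")]
            for f in targets:
                if level == "none":
                    allowed[f].clear()
                elif level == "*":
                    allowed[f] = set(range(8))
                elif level.startswith("="):          # exactly this level
                    allowed[f].add(_sev(level[1:]))
                else:                                # this level and anything more severe
                    allowed[f] |= set(range(_sev(level) + 1))
        if sev in allowed[facility]:
            actions.append(action)
    return actions
```

Running `matching_actions(SAMPLE_CONF, *decode_pri(CAPTURED))` against the real `/etc/syslog.conf` of the loghost shows which files a `<22>` message should have reached, which is the place to look before suspecting syslogd itself.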


This archive was generated by hypermail 2.1.7 : Wed Jan 28 2004 - 08:55:32 CET