System and Kernel Log Daemon: Sysklogd not logging all data...

From: Kevin W. Gagel <gagel@cnc.bc.ca>
Date: Tue Nov 02 2004 - 20:03:55 CET

I don't know if its a sysklogd problem or if the sending utilities are not
sending correctly. So at this stage I need some guidence as to where to look.

I'm using SuSE 8.1 which is packaged with sysklogd 1.3. The utilities that are
sending log info are spamd (from spamassassin) and postlog (from postfix).

How I know I have a problem.

When spamd is finished with a message its given a rating, say for example
5.29, it logs a line that includes "result Y " (as per my config 5.0 and
higher are tagged) and the value it determined the message to be at to
syslklogd.

My script parses the headers of each message and searches for the spam level
and then counts the stars to see if there are 10 or more. If there are 10 or
more it deletes the message and uses postlog to report to syslog a line that
includes "DISCARDING SPAM".

Logically I should be able to do a couple of grep's to find how many messages
were discarded and how many were tagged. The tagged numbers should be higher
because not everything that is tagged is discarded.

Unfortunatly I'm finding that is not true and comparing the values on a daily
basis has lead me to conclude that the log information is not reaching syslog
or syslog is not recording it.

Here's a sample:
"result Y" "DISCARDING SPAM"
Oct 1 1375 1921
Oct 2 0 2185
Oct 3 0 2064
Oct 4 65 2323
Oct 5 2834 2682
Oct 6 2997 2865
Oct 7 1984 1822

While the 1st through the 4th seem to show that spamd does not log
consistantly there are other dates that show counts that are just to low for
both. The 5th through 7th show what is consistant for a lot of the month. In
all there are 9 days that report 0 tagged as spam and 7 days that report
nothing discarded (not at all likely for either). Since both seem to have a
problem I suspect that its sysklogd that has the problem.

Any suggestions on how I can narrow this down?

=========================
Kevin W. Gagel
Network Administrator
Information Technology Services
(250) 561-5848 local 448

--------------------------------------------------------------
The College of New Caledonia, Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
--------------------------------------------------------------
Received on Tue, 02 Nov 2004 11:03:55 -0800

This archive was generated by hypermail 2.1.8 : Tue Nov 02 2004 - 20:27:49 CET