On Solaris,
1) If I use both $Modload ImkLog and $Modload imsolaris,
A logger command will always generate message twice.
2011-09-26T11:08:46-04:00 i8-420-02 test: [ID 702911 user.notice] This
is a test
2011-09-26T11:08:46.962612-04:00 i8-420-02 kernel: Sep 26 11:08:46
test: [ID 702911 user.notice] This is a test
su command will return only one message.
2011-09-26T12:08:21.643321-04:00 i8-420-02 kernel: Sep 26 12:08:21 su:
[ID 366847 auth.info] 'su root' succeeded for vl10243 on /dev/pts/4
2) If I use $Modload imklog only, the logger command will return only one
message.
2011-09-26T12:02:20.667780-04:00 i8-420-02 kernel: Sep 26 12:02:20 test:
[ID 702911 user.notice] this is a test
su command will return only one message.
2011-09-26T12:02:47.700657-04:00 i8-420-02 kernel: Sep 26 12:02:47 su:
[ID 366847 auth.info] 'su root' succeeded for vl10243 on /dev/pts/4
3) If I use $Modload imsolaris only
The logger command will return the following message.
2011-09-26T12:06:01-04:00 i8-420-02 test: [ID 702911 user.notice] this
is a test
su command will not return any message.
I only need one message to be generated in the system log (same on Linux), not
duplicated.
It looks like I can use imklog module alone to capture both kernel and logger
command message. But I am not sure if I still could miss other type of system
events without using imsolaris module.
For the kernel message generated, I don't like duplicated time stamp
For example, the following event,
2011-09-26T12:02:20.667780-04:00 i8-420-02 kernel: Sep 26 12:02:20 test: [ID
702911 user.notice] this is a test
The timestamp after kernel: Sep 26 12:02:20 because I already have the event
time 2011-09-26T12:02:20.667780-04:00.
Any suggestions? Anybody have a sample rsyslog.conf on Solaris to share?
Thanks
Victor Lu
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
