> Depends on the type of syslog installed wouldn't it? As in Linux
> syslog would have different error messages than Solaris or AIX or
> Ultrix. My first action would be to look at the source code for the
> open ones... and then do a strings on the non-open ones for some
> guesses.
>
> Beyond that I do not have anything at the moment.

Yep, they'll be system dependent. That's okay. I can deal with it all by
system - it's just going on a big web page, remember...

I have received a number of responses along these lines, obtained by
grepping the source code or by running strings on the binary. These are far
better than nothing, and I'm grateful for the help, but they miss an
important piece of the picture. Especially in a piece of code as old and,
uh, crufty as syslogd, there's a high likelihood that many of the errors
find themselves at the far ends of code paths that rarely (if ever) get
executed, and therefore those errors never find themselves in the "outside"
world, providing assistance (or confusion) to system administrators
everywhere.

Hence my interest in observational data.

I did scrounge up one more error in my own testbed after I sent my post last
night:

Jun 18 03:05:00 <syslog.err> bettiepage syslogd: sendto: Host is down

which, when I thought about it, is the only error message from syslogd that
I've *ever* seen. Obviously it's actionable, although since this is a
vanilla syslogd running over UDP, I've never quite figured out how it
manages to "know" that the remote host is unavailable...

cheers - tbird
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis

[ reply ]