Note: This syslog entry is puzzling if the system has no program named try, but no cause for concern:
2011-11-19T01:31:21 frodo kernel: pid 47812 (try), uid 0: exited on signal 10 (core dumped)
Source of the program is Perl’s Configure script, which compiles its C library test cases into programs named try. And apparently amd64 systems need to use the function va_copy() because the test case without this function leads to a segfault.
Just to preserve it, here’s a useful shell command line to print a histogram of frequent log events:
grep -h 'expr' files | cut -d ' ' -f 1,2 | uniq -c | awk '{step=5; bar = ""; for(i = $1; i>=1; i = i-step) bar = bar "#"; printf $2, $3, bar; }'
Given a multiuser webserver with PHP and error logging to syslog. Problem: how do you correlate error messages with users? This patch lets PHP call openlog() with a configurable program name. Read the rest of this entry »
I finally checked how the Solaris kernel assigns message IDs to its log messages.
Und nun der obligatorische Eintrag live vom BSD-Stand auf den Chemnitzer Linux-Tagen.
Mein eigener Vortrag zu den Syslog-RFCs lief gut. Grunix hat auch schon erste Bilder.
Today the RFCs for the new Syslog procol and transport were published:
Time for some useless statistics… Because I had to set some initial buffer sizes in syslogd I took a closer look at my log files. I used all logs from last month and counted the line lengths for every message to get an impression of real-life requirements on message/line lenghts.
When I came to work on Syslog one of the most disturbing texts I came across was Rainer’s observation “On the (un)reliability of plain tcp syslog…“. The problem is that a sendmsg() system call is nearly always successful — it only indicates local errors (like a full send queue), but no network errors. So even after the other side initiated a connection shutdown one can happily write into the local buffer and only get an error on the second write.