how to have syslogd not replay kernel ring buffer at startup

From: Nate Campi (nate@campin.net)
Date: 09/25/02


Date: Tue, 24 Sep 2002 20:57:10 -0700
From: Nate Campi <nate@campin.net>
To: focus-sun@securityfocus.com


I analyze all syslog messages via swatch on a central loghost. When
syslogd is stopped and started on a Solaris host (2.6, 7 and 8) the
kernel ring buffer is send across the network to the loghost in it's
entirety.

Often times there are errors or security-related logs that I've already
parsed and alerted on with swatch, and don't want to see again. I
remember reading somewhere that you can configure syslogd to not replay
the kernel buffer, but for the life of me I cannot find it.

Is there a way to do this?

-- 
The Microsoft Torque Wrench: what do you want to shear today?