how to have syslogd not replay kernel ring buffer at startup

From: Nate Campi (nate@campin.net)
Date: 09/25/02


Date: Tue, 24 Sep 2002 20:57:10 -0700
From: Nate Campi <nate@campin.net>
To: focus-sun@securityfocus.com


I analyze all syslog messages via swatch on a central loghost. When
syslogd is stopped and started on a Solaris host (2.6, 7 and 8) the
kernel ring buffer is sent across the network to the loghost in its
entirety.

Oftentimes there are errors or security-related logs that I've already
parsed and alerted on with swatch, and don't want to see again. I
remember reading somewhere that you can configure syslogd to not replay
the kernel buffer, but for the life of me I cannot find it.

Is there a way to do this?

-- 
The Microsoft Torque Wrench: what do you want to shear today? 



