how to have syslogd not replay kernel ring buffer at startup

From: Nate Campi (
Date: 09/25/02

Date: Tue, 24 Sep 2002 20:57:10 -0700
From: Nate Campi <>

I analyze all syslog messages via swatch on a central loghost. When
syslogd is stopped and started on a Solaris host (2.6, 7 and 8) the
kernel ring buffer is send across the network to the loghost in it's

Often times there are errors or security-related logs that I've already
parsed and alerted on with swatch, and don't want to see again. I
remember reading somewhere that you can configure syslogd to not replay
the kernel buffer, but for the life of me I cannot find it.

Is there a way to do this?

The Microsoft Torque Wrench: what do you want to shear today?