how to have syslogd not replay kernel ring buffer at startupFrom: Nate Campi (firstname.lastname@example.org)
- Previous message: Jan-Philip Velders: "Re: PAM and FTP in Solaris 7"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 24 Sep 2002 20:57:10 -0700 From: Nate Campi <email@example.com> To: firstname.lastname@example.org
I analyze all syslog messages via swatch on a central loghost. When
syslogd is stopped and started on a Solaris host (2.6, 7 and 8) the
kernel ring buffer is send across the network to the loghost in it's
Often times there are errors or security-related logs that I've already
parsed and alerted on with swatch, and don't want to see again. I
remember reading somewhere that you can configure syslogd to not replay
the kernel buffer, but for the life of me I cannot find it.
Is there a way to do this?
-- The Microsoft Torque Wrench: what do you want to shear today?
- application/pgp-signature attachment: stored