On Tue, Sep 26, 2017 at 10:51:00AM +0200, Tony Boston wrote:
> thanks for your response. Really appreciated. I'll check that with my boxes
To identify what process is flooding syslog messages you could do
something like this:
Temporarily add a debug log file which captures everything
# touch /var/log/debug
# chmod go-rwx /var/log/debug
Add a line to the top of /etc/syslog.conf like
*.* /var/log/debug
And activate it with
# rcctl reload syslogd
To check how often the problem occurs and whether it occured again:
# zgrep -h 'sendsyslog: dropped' /var/log/messages* | \
cut -d ' ' -f 1-3 | sort -u
Wait until the message occurs the next time, then see /var/log/debug
during the same timeframe (grep for the timestamp), and you should see
the culprit(s).
HTH,
Daniel
