[syslog-ng] buffer logs from initramfs until syslog-ng starts
Patrick H.
syslogng at feystorm.net
Thu Sep 15 16:08:32 CEST 2011
No, this was an explicit logging utility, that ran as a syslog daemon
and actually captured syslog messages.
-Patrick
Sent: Wed Sep 14 2011 22:23:46 GMT-0600 (MST)
From: Scott Rochford <scott.rochford at amadeus.com>
To: Syslog-ng users' and developers' mailing list
<syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] buffer logs from initramfs until syslog-ng starts
> I believe some distributions dump the contents of "dmesg" (which
> displays the contents of the kernel ring buffer) into syslog once it
> is started.... is that what you're thinking of?
>
> Regards,
>
> Scott.
>
>
>
> From: "Patrick H." <syslogng at feystorm.net>
> To: syslog-ng at lists.balabit.hu
> Date: 15/09/2011 13:59
> Subject: [syslog-ng] buffer logs from initramfs until syslog-ng starts
> Sent by: syslog-ng-bounces at lists.balabit.hu
> ------------------------------------------------------------------------
>
>
>
> So I'm trying to find a way to buffer logs from extremely early in the
> boot process (from when the initramfs is still running), and then dump
> them to syslog-ng once it starts. Has anyone done anything similar?
>
> The only real idea that comes to mind is to use busybox's syslogd and
> have it use a circular buffer, then configure syslog-ng with a program
> source that reads the buffer and then terminates the the daemon
> (something like 'logread ; pkill -x syslogd &>/dev/null'), and set
> follow_freq to 0. Whether this will work or not, I dont know as I've
> never played with program sources. Also a problem I see with this is
> that the busybox syslogd would need to be killed before syslog-ng
> tries to open /dev/log and /proc/kmsg, but I'm not sure how to go
> about that.
>
> I do seem to recall some other utility I've ran across in my travels
> that is designed for this exact purpose, in that it buffers syslog
> messages during boot, then dumps its buffer once the main syslog
> daemon has started and terminates, but I cant remember what its called
> (and google is failing me).
>
> So does anyone have any good ideas for solving this
> situation?______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
>
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20110915/794d8da8/attachment.htm
More information about the syslog-ng
mailing list