<font size=2 face="sans-serif">I believe some distributions dump the contents
of "dmesg" (which displays the contents of the kernel ring buffer)
into syslog once it is started.... is that what you're thinking of?</font>
<br>
<br><font size=2 face="sans-serif">Regards,</font>
<br>
<br><font size=2 face="sans-serif">Scott. </font>
<br>
<br>
<br>
<br><font size=1 color=#5f5f5f face="sans-serif">From:
</font><font size=1 face="sans-serif">"Patrick H."
&lt;syslogng@feystorm.net&gt;</font>
<br><font size=1 color=#5f5f5f face="sans-serif">To:
</font><font size=1 face="sans-serif">syslog-ng@lists.balabit.hu</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Date:
</font><font size=1 face="sans-serif">15/09/2011 13:59</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Subject:
</font><font size=1 face="sans-serif">[syslog-ng]
buffer logs from initramfs until syslog-ng starts</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Sent by:
</font><font size=1 face="sans-serif">syslog-ng-bounces@lists.balabit.hu</font>
<br>
<hr noshade>
<br>
<br>
<br><font size=3 color=#0041c2>So I'm trying to find a way to buffer logs
from extremely early in the boot process (from when the initramfs is still
running), and then dump them to syslog-ng once it starts. Has anyone done
anything similar?<br>
<br>
The only real idea that comes to mind is to use busybox's syslogd and have
it use a circular buffer, then configure syslog-ng with a program source
that reads the buffer and then terminates the daemon (something like
'logread ; pkill -x syslogd &>/dev/null'), and set follow_freq to
0. Whether this will work or not, I don't know as I've never played with
program sources. Also a problem I see with this is that the busybox syslogd
would need to be killed before syslog-ng tries to open /dev/log and /proc/kmsg,
but I'm not sure how to go about that.<br>
<br>
I do seem to recall some other utility I've run across in my travels that
is designed for this exact purpose, in that it buffers syslog messages
during boot, then dumps its buffer once the main syslog daemon has started
and terminates, but I can't remember what it's called (and Google is failing
me).<br>
<br>
So does anyone have any good ideas for solving this situation?</font>