For assorted reasons we're using a BSDI 2.1 system and I would like to install syslog-ng on it. I have got 1.4.3 working with the exception of kernel logging. It turns out that there is also a special device "/dev/klog" which you can read the kernel syslog messages from, but when I add it with a file("/dev/klog") in a source statement, the messages are not flagged as LOG_KERN but instead defaulting to LOG_USER.
I presume it's because bsdi 2.1 doesn't put <nnn> at the front of these messages. The behaviour of /dev/klog does not appear to be documented, and I don't have source around. My guess is that it's encoding the pri in some other way. Any ideas?
You could use another source for kernel messages: source s_kernel { file("/dev/klog"); }; destination d_kernel { file("/var/log/kern.log"); }; log { source(s_kernel); destination(d_kernel); }; -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt