"Patrick H." <syslogng@feystorm.net> writes:
> So I'm trying to find a way to buffer logs from extremely early in the boot process (from when the initramfs is still running), and then dump them to syslog-ng once it starts. Has anyone done anything similar?
One way to accomplish this is with systemd: it will manage /dev/log itself, and pass the FD to the real syslogd, so you don't have to switch daemons at all, and the init daemon will have /dev/log open from pretty much the earliest time possible. Another option would be to use a dedicated daemon that starts up early, and manages /dev/log by reading from it, and sending the data to another socket if one's available (and buffers otherwise, until the other socket becomes available).
> I do seem to recall some other utility I've run across in my travels that is designed for this exact purpose, in that it buffers syslog messages during boot, then dumps its buffer once the main syslog daemon has started and terminates, but I can't remember what it's called (and Google is failing me).
You could use klogd, or even busybox's syslogd or pretty much anything else to do this: start them up on boot, configured to log to a file, say, /var/log/boot.log, and change syslog-ng's init script to stop this early-syslogd before starting syslog-ng (thus freeing up /dev/log for syslog-ng; the kernel will buffer messages in the short time between the old daemon shutting down and syslog-ng starting up). Then configure syslog-ng to use /var/log/boot.log as a source, and either delete the file on shutdown, or during bootup, or whenever. Or just leave it as-is (syslog-ng will remember where to continue from, yay persistence!), or configure rotation as you see fit. Another option would be to just let the kernel buffer until syslog-ng starts up, I guess.

-- 
|8]
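
The "dedicated daemon" option from the reply above, as an added example that is not part of the original message or of syslog-ng: a relay that owns an early datagram socket, buffers while the downstream socket is missing, and forwards in arrival order once it appears. The class name, the temporary socket paths (standing in for /dev/log and the real daemon's socket) and the sample messages are constructed for illustration.

```python
import collections, os, socket, tempfile

class EarlyLogRelay:
    """Hypothetical relay: owns an early log socket, forwards to the real one."""

    def __init__(self, listen_path, forward_path, max_buffered=10000):
        self.forward_path = forward_path
        # Bounded buffer: when full, the oldest message is dropped first.
        self.pending = collections.deque(maxlen=max_buffered)
        self.rx = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        self.rx.bind(listen_path)
        self.rx.setblocking(False)
        self.tx = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        self.tx.setblocking(False)

    def _flush(self):
        # Forward in arrival order; stop at the first failure and keep the rest.
        while self.pending:
            try:
                self.tx.sendto(self.pending[0], self.forward_path)
            except OSError:  # socket missing, nobody listening, or queue full
                return
            self.pending.popleft()

    def pump(self):
        """Read everything queued, try to forward, return count still buffered."""
        while True:
            try:
                self.pending.append(self.rx.recv(65536))
            except BlockingIOError:
                break
        self._flush()
        return len(self.pending)

def demo():
    d = tempfile.mkdtemp()  # temp paths stand in for /dev/log and the real socket
    early, real = os.path.join(d, "early.sock"), os.path.join(d, "real.sock")
    relay = EarlyLogRelay(early, real)
    app = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    app.sendto(b"<30>initramfs: mounting root", early)   # constructed messages
    app.sendto(b"<30>initramfs: switching root", early)
    before = relay.pump()            # downstream absent: both stay buffered
    downstream = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    downstream.bind(real)            # the "real" syslog daemon comes up
    app.sendto(b"<30>init: starting services", early)
    after = relay.pump()             # backlog plus the new message are flushed
    return before, after, [downstream.recv(65536) for _ in range(3)]

if __name__ == "__main__":
    print(demo())
```

The buffer is bounded on purpose: a relay that queues without limit during a long boot stall can exhaust memory before the real daemon ever starts.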