I'm currently running syslog-ng on a test system, with all logs being sent to a single file so that I can monitor what syslog-ng is (or isn't) doing. As far as I can tell, all facilities are being logged except for 'kern.*'. I'm running it on Red Hat 6.2 (intel) as a drop-in replacement for syslogd (it is started prior to klogd, version 1.3-3). ===syslog-ng sample=== read(0, "<6>Packet log: input DENY eth0 P"..., 4095) = 114 connect(1, {sin_family=AF_UNIX, path="/dev/log"}, 10) = -1 EPROTOTYPE (Protocol wrong type for socket) time([958581560]) = 958581560 write(1, "<6>May 17 12:39:20 kernel: Packe"..., 139) = -1 ENOTCONN (Transport endpoint is not connected)
klogd tries to use a SOCK_DGRAM socket, so try to use the unix-dgram driver. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt