At 14:58 14.03.2002 +0100, you wrote:
Hello.
It seems that syslog-ng doesn't receive syslog messages of the "kern" facility. I have the following configuration (in reality a bit bigger but the other stuff is mostly configuration for receiving log messages from other hosts, it shouldn't affect this problem):
--------- options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_fqdn (no); create_dirs (yes); keep_hostname (yes); };
source src { unix-stream("/dev/log"); internal(); }; destination han_messages { file("/var/log/messages"); }; log { source(src); destination(han_messages); };
---------
I don't think that there are no kernel messages generated by the system. Also with normal syslog I get the following messages when killing/starting klogd:
Mar 14 13:11:59 han kernel: klogd 1.3-3, log source = /proc/kmsg started. Mar 14 13:11:59 han kernel: Inspecting /boot/System.map-2.2.16-SMP Mar 14 13:11:59 han kernel: Loaded 9539 symbols from /boot/System.map-2.2.16-SMP. Mar 14 13:11:59 han kernel: Symbols match kernel version 2.2.16. Mar 14 13:11:59 han kernel: Loaded 290 symbols from 7 modules. Mar 14 13:12:03 han kernel: Kernel logging (proc) stopped. Mar 14 13:12:03 han kernel: Kernel log daemon terminating.
With syslog-ng I don't get these messages. So I suspect that there is a problem with syslog-ng getting the messages from klogd.
I really don't know any reason why somebody should want to use klogd when running syslog-ng. Kill klogd, put "pipe("/proc/kmsg");" into your "src" source statement, HUP syslog-ng and everything should be fine. best regards -- Renner Michael Junior System Engineer Inode Telekommunikationsdienstleistungs GmbH - http://www.inode.at support@inode.at, Tel.: 05 9999-0, Fax.: 05 9999-2699