Hi, It's a known bug on FreeBSD and fixed in v3.0.5. Upgrade your syslog-ng, or use the follow_freq(0) option in kernel source, please. This patch fixed it: commit ea34eee9a1172c213aeccbf68ed4fa2881c97b29 Author: Balazs Scheidler <bazsi@balabit.hu> Date: Mon Nov 2 10:59:30 2009 +0100 affile: set follow_freq to 0 on FreeBSD kernel messages FreeBSD uses /dev/klog character device for kernel messages. But since the file source driver set follow_freq to 0 only on Linux, this meant that FreeBSD config files needed an explicit follow_freq(0) in their /dev/klog source definition. This patch makes this the default on /dev/klog if the __FreeBSD__ macro is defined. diff --git a/src/affile.c b/src/affile.c index 3b92a85..15dbee0 100644 --- a/src/affile.c +++ b/src/affile.c @@ -395,13 +395,17 @@ affile_sd_new(gchar *filename, guint32 flags) { if ((self->flags & AFFILE_PIPE) == 0) self->reader_options.follow_freq = 1000; - + + if (0 || #if __linux__ - if (strcmp(filename, "/proc/kmsg") == 0) + (strcmp(filename, "/proc/kmsg") == 0) || +#elif __FreeBSD__ + (strcmp(filename, "/dev/klog") == 0) || +#endif + 0) { self->reader_options.follow_freq = 0; } -#endif } #if __linux__ if (strcmp(filename, "/proc/kmsg") == 0) Phusion wrote:
I've used syslog-ng 1.x and 2.x, but am new to using 3.x. I'm using syslog-ng 3.0.3 on a FreeBSD 8.0 server. I'm having trouble getting kernel messages. I've made a very small config file, and this isn't working either.
@version:3.0 source local { internal(); file("/dev/klog"); unix-dgram("/var/run/log"); }; destination all { file("/var/log/all.log"); }; log { source(local); destination(all); };
This picks up other things, but not the kernel messages. I assume it's a small configuration issue. Let me know. Thanks.
Phusion ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
-- pzolee