You could use another source for kernel messages:
source s_kernel { file("/dev/klog"); };
destination d_kernel { file("/var/log/kern.log"); };
log { source(s_kernel); destination(d_kernel); };
Balazs,
Thanks for the reply. That's a good point - though it still leaves me with the problem of lost severity as well - everything that is read from /dev/klog becomes "LOG_USER/LOG_ERR" which isn't very helpful for my needs.
If the kernel doesn't send any facility/kernel info, I'm afraid syslog-ng can't find it out. Maybe it's using a different protocol? Can you send me a ktrace snippet where syslog-ng reads a line from /dev/klog?

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
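One way to check the question raised in the last message, as an added example that is not part of the original thread: this decodes a leading syslog `<PRI>` value (facility * 8 + severity) from raw lines and counts the lines that carry none. The sample lines are constructed, and the assumption that raw /dev/klog output uses this prefix form has to be verified against your own capture.

```python
import re
from collections import Counter

# Standard syslog numbering: PRI = facility * 8 + severity.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog",
              "lpr", "news", "uucp", "cron", "authpriv", "ftp"]
PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility, severity, message), or None if the line has no valid <PRI>."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:                      # highest valid value: facility 23, severity 7
        return None
    fac, sev = divmod(pri, 8)
    if fac < len(FACILITIES):
        fac_name = FACILITIES[fac]
    elif 16 <= fac <= 23:
        fac_name = "local%d" % (fac - 16)
    else:
        fac_name = "facility%d" % fac
    return fac_name, SEVERITIES[sev], line[m.end():]


def summarize(lines):
    """Count lines per 'facility.severity'; lines without a prefix go under 'no-pri'."""
    counts = Counter()
    for line in lines:
        decoded = decode_pri(line)
        counts["%s.%s" % decoded[:2] if decoded else "no-pri"] += 1
    return dict(counts)


# Constructed sample lines (not taken from a real /dev/klog capture).
SAMPLE = [
    "<6>em0: link state changed to UP",        # kern.info
    "<4>ad0: WARNING - READ_DMA retrying",     # kern.warning
    "<11>message tagged LOG_USER|LOG_ERR",     # user.err, i.e. 1 * 8 + 3
    "line with no priority prefix at all",     # nothing for a reader to recover
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(key, n)
```

If every line of a real capture lands under `no-pri`, the priority is not in the data the reader receives and has to be assigned elsewhere.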