[syslog-ng]Kernel logging stops on reload

2 Mar 2003

      I saw some discussion on a similar subject on the list a while back, but
I don't think it dealt with this specifically.

I run logrotate nightly, and it executes '/usr/bin/killall -HUP
syslog-ng' after rotating the logs. After that, I get no more logging
from the kernel until I manually restart syslog-ng ('service syslog-ng
restart').

I realize I could ditch klogd and use syslog-ng exclusively, but I'm
reluctant to drop support for kernel symbols.

Any insights?

Paul
__________________________
Versions:
syslog-ng 1.6.0rc1 (also seen with 1.5.26)
klogd 1.4.1
linux kernel 2.4.18-15clx (Celestix distro, mandrake-based)
killall (psmisc v19)
__________________________
Here's my syslog-ng.conf. I've tried the unix-dgram statement with and
without 'keep-alive(yes) max-connections(512)' just to be sure (I don't
think those options apply to unix-dgram?). I'll be changing the 'logall'
target to feed logsurfer, once I've got that working the way I'd like.

# syslog-ng configuration file.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#

options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (off);
          use_dns (no);
          use_fqdn (no);
          create_dirs (no);
          keep_hostname (yes);
        };

source sys      { unix-dgram ("/dev/log" keep-alive(yes)
max-connections(512)); internal(); };
source remote   { udp(); };

destination auth        { file("/var/log/auth.log"); };
destination syslog      { file("/var/log/syslog"); };
destination user        { file("/var/log/user.log"); };
destination mesg        { file("/var/log/messages"); };
destination secure      { file("/var/log/secure"); };
destination mailinfo    { file("/var/log/mail/info"); };
destination mailwarn    { file("/var/log/mail/warnings"); };
destination mailerr     { file("/var/log/mail/errors"); };
destination croninfo    { file("/var/log/cron/info"); };
destination cronwarn    { file("/var/log/cron/warnings"); };
destination cronerr     { file("/var/log/cron/error"); };
destination kerninfo    { file("/var/log/kernel/info"); };
destination kernwarn    { file("/var/log/kernel/warnings"); };
destination kernerr     { file("/var/log/kernel/error"); };
destination lprinfo     { file("/var/log/lpr/info"); };
destination lprwarn     { file("/var/log/lpr/warnings"); };
destination lprerr      { file("/var/log/lpr/error"); };
destination newsinfo    { file("/var/log/news/info"); };
destination newswarn    { file("/var/log/news/warnings"); };
destination newserr     { file("/var/log/news/error"); };
destination daemoninfo  { file("/var/log/daemons/info"); };
destination daemonwarn  { file("/var/log/daemons/warnings"); };
destination daemonerr   { file("/var/log/daemons/errors"); };
destination spool       { file("/var/log/spooler"); };
destination boot        { file("/var/log/boot.log"); };
destination logall      { file("/var/log/everything.log"); };
destination mailall     { usertty("*"); };

# Generic filters
filter f_info           { level(debug,info,notice); };
filter f_warn           { level(warn); };
filter f_error          { level(error); };
filter f_emergency      { level(emerg); };
filter f_mail           { facility(mail); };
filter f_cron           { facility(cron); };
filter f_kernel         { facility(kern); };
filter f_lpr            { facility(lpr); };
filter f_news           { facility(news); };
filter f_daemon         { facility(daemon); };
# Specific filters
filter f_authonly       { facility(auth,authpriv); };
filter f_user           { facility(user); };
# Log anything (except mail) of level info or higher
# Don't log private authentication messages
filter f_mesgs          { level(info..warn) and not
facility(mail,authpriv); };
# authpriv logging (restricted)
filter f_secure         { facility(authpriv); };
filter f_spool          { facility(uucp) or (facility(news) and
level(crit)); };
filter f_boot           { facility(local7); };
filter f_syslog         { not facility(auth, authpriv); };

# Log to logfiles
log { source(sys); destination(logall); };
log { source(sys); filter(f_spool); destination(spool); };
log { source(sys); filter(f_boot); destination(boot); };
log { source(sys); filter(f_user); destination(user); };
log { source(sys); filter(f_secure); destination(secure); };
log { source(sys); filter(f_syslog); destination(syslog); };
log { source(sys); filter(f_mesgs); destination(mesg); };
log { source(sys); filter(f_authonly); destination(auth); };
log { source(sys); filter(f_mail); filter(f_info);
destination(mailinfo); };
log { source(sys); filter(f_mail); filter(f_warn);
destination(mailwarn); };
log { source(sys); filter(f_mail); filter(f_error);
destination(mailerr); };
log { source(sys); filter(f_cron); filter(f_info);
destination(croninfo); };
log { source(sys); filter(f_cron); filter(f_warn);
destination(cronwarn); };
log { source(sys); filter(f_cron); filter(f_error);
destination(cronerr); };
log { source(sys); filter(f_kernel); filter(f_info);
destination(kerninfo); };
log { source(sys); filter(f_kernel); filter(f_warn);
destination(kernwarn); };
log { source(sys); filter(f_kernel); filter(f_error);
destination(kernerr); };
log { source(sys); filter(f_lpr); filter(f_info); destination(lprinfo);
};
log { source(sys); filter(f_lpr); filter(f_warn); destination(lprwarn);
};
log { source(sys); filter(f_lpr); filter(f_error); destination(lprerr);
};
log { source(sys); filter(f_news); filter(f_info);
destination(newsinfo); };
log { source(sys); filter(f_news); filter(f_warn);
destination(newswarn); };
log { source(sys); filter(f_news); filter(f_error);
destination(newserr); };
log { source(sys); filter(f_daemon); filter(f_info);
destination(daemoninfo); };
log { source(sys); filter(f_daemon); filter(f_warn);
destination(daemonwarn); };
log { source(sys); filter(f_daemon); filter(f_error);
destination(daemonerr); };
# Log to console
log { source(sys); filter(f_emergency); destination(mailall); };

__________________________
Here's my logrotate.conf:

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# send errors to root
errors root

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
compress

# don't archive if the log is empty
notifempty

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate it here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}

# system-specific logs may be configured here

# catchall that will rotate anything with the normal naming convention
/var/log/*log {
   weekly
   notifempty
   sharedscripts
   prerotate
     /usr/local/etc/logcheck.sh
   endscript
   postrotate
     /usr/bin/killall -HUP syslog-ng
   endscript
}

[syslog-ng]Kernel logging stops on reload

Paul Chambers