For assorted reasons we're using a BSDI 2.1 system and I would like to install syslog-ng on it. I have got 1.4.3 working with the exception of kernel logging. It turns out that there is also a special device "/dev/klog" which you can read the kernel syslog messages from, but when I add it with a file("/dev/klog") in a source statement, the messages are not flagged as LOG_KERN but instead default to LOG_USER.
I presume it's because BSDI 2.1 doesn't put <nnn> at the front of these messages. The behaviour of /dev/klog does not appear to be documented, and I don't have source around. My guess is that it's encoding the pri in some other way. Any ideas?
You could use another source for kernel messages:

    source s_kernel { file("/dev/klog"); };
    destination d_kernel { file("/var/log/kern.log"); };
    log { source(s_kernel); destination(d_kernel); };

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
On Tue, May 16, 2000 at 09:24:13PM +0200, Balazs Scheidler wrote:
You could use another source for kernel messages:
    source s_kernel { file("/dev/klog"); };
    destination d_kernel { file("/var/log/kern.log"); };
    log { source(s_kernel); destination(d_kernel); };
Balazs,

Thanks for the reply. That's a good point - though it still leaves me with the problem of lost severity as well - everything that is read from /dev/klog becomes "LOG_USER/LOG_ERR" which isn't very helpful for my needs.

Chris
If the kernel doesn't send any facility/kernel info, I'm afraid syslog-ng can't find it out. Maybe it's using a different protocol?

Can you send me a ktrace snippet, where syslog-ng reads a line read from /dev/klog?

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
On Wed, May 17, 2000 at 08:28:43AM +0200, Balazs Scheidler wrote:
If the kernel doesn't send any facility/kernel info, I'm afraid syslog-ng can't find it out. Maybe it's using a different protocol?
Can you send me a ktrace snippet, where syslog-ng reads a line read from /dev/klog?
Ok, so I'm an idiot. Thanks for the ktrace suggestion. Yes, /dev/klog does include <##> information, and the reason it wasn't being sent where I thought was because my filter expression had:

    facility(kern) and level(info)

and not:

    facility(kern) and level(info..emerg)

Needless to say, the message was at "warn" level. Too much cleaning up of syslog.conf files is my only excuse.

The only small residual problem is that syslog used to put "kernel:" on the front of kernel messages, but syslog-ng doesn't. I wonder if this might be a new parameter for the file (etc.) statement, e.g.:

    source kernel { file("/dev/klog" label("kernel: ")); };

Thanks for your assistance,
Chris
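The following is an added example, not code from either participant or from syslog-ng. It decodes the <nnn> priority prefix discussed in the thread and models the two filter expressions from the last message, showing why a kernel message at warning level is dropped by level(info) but kept by level(info..emerg). The function names are hypothetical and the sample lines are constructed, not captured from a real /dev/klog.

```python
import re

# Severity names in numeric order (0..7) and a subset of facilities from <syslog.h>.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog"}

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
MAX_PRI = 23 * 8 + 7  # highest facility (23) with lowest-priority severity (7)


def parse_pri(line):
    """Split '<N>text' into (facility, severity, text).

    Facility and severity are None when the prefix is missing or out of
    range, so the caller sees that no priority was supplied.
    """
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > MAX_PRI:
        return None, None, line
    pri = int(m.group(1))
    facility = FACILITIES.get(pri >> 3, str(pri >> 3))
    return facility, SEVERITIES[pri & 7], m.group(2)


def level_matches(severity, spec):
    """Model of level(x) and level(lo..hi): one name matches only itself,
    a range matches every severity between its endpoints, inclusive."""
    if ".." in spec:
        a, b = (SEVERITIES.index(s) for s in spec.split(".."))
        lo, hi = min(a, b), max(a, b)
    else:
        lo = hi = SEVERITIES.index(spec)
    return severity is not None and lo <= SEVERITIES.index(severity) <= hi


def kernel_filter(line, level_spec):
    """Equivalent of: facility(kern) and level(<level_spec>)."""
    facility, severity, _ = parse_pri(line)
    return facility == "kern" and level_matches(severity, level_spec)


# Constructed sample lines (assumed shape of what a read from /dev/klog returns).
SAMPLES = ["<4>disk0: soft error corrected", "<6>eth0: link up", "no priority prefix here"]

if __name__ == "__main__":
    for line in SAMPLES:
        fac, sev, _ = parse_pri(line)
        print(fac, sev, kernel_filter(line, "info"), kernel_filter(line, "info..emerg"))
```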
participants (2)
- Balazs Scheidler
- Chris Maltby