Can't get kernel messages on FreeBSD - syslog-ng - lists.balabit.hu

newer
GeoIP template function

Can't get kernel messages on FreeBSD

older
syslog-ng 3.05 receive but not...

Tomoki BENIYA

19 Oct 2012 19 Oct '12

8:59 a.m.

Hi all. I installed syslog-ng3.3.6_3 using ports on FreeBSD9.0-RELEASE(i386). I can't get kernel messages by default configuration. ex. em0: link state changed to DOWN em0: link state changed to UP But, I can see them using 'cat /dev/klog' after stoppedsyslog-ng. So, I think syslog-ng can't get kermel messages from /dev/klog. How to get kernel messages using syslog-ng? Please give me a hint or something! * /etc/rc.conf syslogd_enable="NO" syslog_ng_enable="YES" * /usr/local/etc/syslog-ng.conf source s_kern { file("/dev/klog"); }; filter f_kern { facility(kern); }; destination d_kern { file("/var/log/kern.log"); }; log { source(s_kern); filter(f_kern); destination(d_kern); }; -- Tomoki BENIYA <beniya@bit-isle.co.jp>

Show replies by date

Gergely Nagy

19 Oct 19 Oct

9:33 a.m.

Tomoki BENIYA <beniya@bit-isle.co.jp> writes:

I installed syslog-ng3.3.6_3 using ports on FreeBSD9.0-RELEASE(i386). I can't get kernel messages by default configuration. ex. em0: link state changed to DOWN em0: link state changed to UP

But, I can see them using 'cat /dev/klog' after stoppedsyslog-ng. So, I think syslog-ng can't get kermel messages from /dev/klog.

This should be fixed in 3.3.7RC2 (or 3.3.6.91), sysutils/syslog-ng-rc from ports should make upgrading easy.

source s_kern { file("/dev/klog"); };

You might want to use the system() source here, or add a few flags to this: file("/dev/klog" follow-freq(0) program-override("kernel") flags(no-parse)); -- |8]

Tomoki BENIYA

11:11 a.m.

Thank you for your reply. I'll try to upgrade syslog-ng or modify configuration. Thnaks. On Fri, 19 Oct 2012 10:33:04 +0200 Gergely Nagy <algernon@balabit.hu> wrote:

Tomoki BENIYA <beniya@bit-isle.co.jp> writes:

...
I installed syslog-ng3.3.6_3 using ports on FreeBSD9.0-RELEASE(i386). I can't get kernel messages by default configuration. ex. em0: link state changed to DOWN em0: link state changed to UP

But, I can see them using 'cat /dev/klog' after stoppedsyslog-ng. So, I think syslog-ng can't get kermel messages from /dev/klog.

This should be fixed in 3.3.7RC2 (or 3.3.6.91), sysutils/syslog-ng-rc from ports should make upgrading easy.

...
source s_kern { file("/dev/klog"); };

You might want to use the system() source here, or add a few flags to this:

file("/dev/klog" follow-freq(0) program-override("kernel") flags(no-parse));

-- |8]

______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq

-- Tomoki BENIYA <beniya@bit-isle.co.jp>

4691

Age (days ago)

4691

Last active (days ago)

Download

2 comments

2 participants

tags

participants (2)

Gergely Nagy
Tomoki BENIYA