On Wed, 2005-02-02 at 11:39 -0500, Philip J. Hollenback wrote:

The syslog-ng reference manual

http://www.balabit.com/products/syslog_ng/reference/reference.html#AEN279

contains the following:

...

NOTE: on Linux, the klogd daemon reads kernel messages, and forwards them to the syslogd process. klogd preprocesses kernel messages and replaces addresses with symbolic names (from /boot/System.map). If you don't want to lose this functionality you'll have to run klogd with syslog-ng as well.

That info is obsolete. We run 2.4.22 and 2.6.10 kernels at my company, and both provide symbolic names in backtraces. You can verify this by looking at "dmesg" after an oops - it contains symbolic names, and that is the raw kernel log output.

I think in 2.4.22 it is a RedHat specific patch which does this. I've added this patch to the documentation: diff -u -r1.23.4.4 syslog-ng.sgml --- syslog-ng.sgml 6 May 2004 08:57:52 -0000 1.23.4.4 +++ syslog-ng.sgml 3 Feb 2005 09:00:08 -0000 @@ -735,11 +735,13 @@ </example> <note> <para> - NOTE: on Linux, the klogd daemon reads kernel messages, and - forwards them to the syslogd process. klogd preprocesses - kernel messages and replaces addresses with symbolic names - (from /boot/System.map). If you don't want to lose this - functionality you'll have to run klogd with syslog-ng as well. + NOTE: on Linux, historically the klogd daemon was used to read + kernel messages and forward them to the syslogd process. klogd + preprocessed kernel messages and replaced addresses with + symbolic names (from /boot/System.map), but this method of + symbol resolving has been deprecated by the ksymoops utility and + similar kernel features. For these reasons it is not recommended + to use both klogd and syslog-ng at the same time. </para> </note> </sect2> -- Bazsi