Hello.

It seems that syslog-ng doesn't receive syslog messages of the "kern" facility. I have the following configuration (in reality a bit bigger but the other stuff is mostly configuration for receiving log messages from other hosts, it shouldn't affect this problem):

---------
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_fqdn (no);
    create_dirs (yes);
    keep_hostname (yes);
};

source src { unix-stream("/dev/log"); internal(); };
destination han_messages { file("/var/log/messages"); };
log { source(src); destination(han_messages); };
---------

I don't think that there are no kernel messages generated by the system. Also with normal syslog I get the following messages when killing/starting klogd:

Mar 14 13:11:59 han kernel: klogd 1.3-3, log source = /proc/kmsg started.
Mar 14 13:11:59 han kernel: Inspecting /boot/System.map-2.2.16-SMP
Mar 14 13:11:59 han kernel: Loaded 9539 symbols from /boot/System.map-2.2.16-SMP.
Mar 14 13:11:59 han kernel: Symbols match kernel version 2.2.16.
Mar 14 13:11:59 han kernel: Loaded 290 symbols from 7 modules.
Mar 14 13:12:03 han kernel: Kernel logging (proc) stopped.
Mar 14 13:12:03 han kernel: Kernel log daemon terminating.

With syslog-ng I don't get these messages. So I suspect that there is a problem with syslog-ng getting the messages from klogd.

I updated to version 1.4.14 and the problem still exists.

Any hint appreciated :-)

Thank you,
Stephan

Stephan,

You are using the internal() for internal syslog-ng messages, if your system supports /dev/klog then those are the kernel messages you want.

Unixstream (/dev/klog);

HTH

I really don't know any reason why somebody should want to use klogd when running syslog-ng. Kill klogd, put "pipe("/proc/kmsg");" into your "src" source statement, HUP syslog-ng and everything should be fine.

best regards
--
Renner Michael
Junior System Engineer
Inode Telekommunikationsdienstleistungs GmbH - http://www.inode.at
support@inode.at, Tel.: 05 9999-0, Fax.: 05 9999-2699

Renner,

Let me ask you a question. I notice that syslog-ng only processes the unixstream source when it shuts down. What do I need to set so that it processes them as they happen?

TIA

At 10:01 14.03.2002 -0500, you wrote:
> Renner,
>
> Let me ask you a question. I notice that syslog-ng only processes the unixstream source when it shuts down. What do I need to set so that it processes them as they happen?

So you mean that your syslog-ng only flushes messages to disk when it gets killed/HUP'ed? This should be prevented by the sync(0) option (means that every message gets written to disk when syslog-ng receives it).

best regards
--
Renner Michael
Junior System Engineer
Inode Telekommunikationsdienstleistungs GmbH - http://www.inode.at
support@inode.at, Tel.: 05 9999-0, Fax.: 05 9999-2699

If you use Redhat 6.x, try sock-dgram instead of sock-stream.
--
Jerome Peducasse
Wanadoo Portails - Sophia Antipolis

On Thursday 14 March 2002 16:31, Jerome Peducasse wrote:
> If you use Redhat 6.x, try sock-dgram instead of sock-stream.

I'm using SuSE 7.0 but that fixed it. Many thanks! Also to the other people making suggestions.

Stephan
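
The stream/datagram mismatch that the fix in this thread points to, as an added example that is not part of the original messages: a Unix socket bound as one type refuses clients of the other type, so a sender that only speaks datagrams never reaches a `unix-stream("/dev/log")` source, and kernel messages go missing from the log. The temporary socket path is a constructed stand-in for `/dev/log`, the `EPROTOTYPE` result is Linux behaviour, and the idea that the sender here used datagram sockets is an assumption consistent with the reported fix.

```python
import errno
import os
import socket
import tempfile

TYPES = {"stream": socket.SOCK_STREAM, "dgram": socket.SOCK_DGRAM}


def probe(path):
    """Try both socket types against a unix socket path.

    Returns {type_name: "ok" or errno name}. Nothing is sent to the socket.
    """
    result = {}
    for name, sock_type in TYPES.items():
        with socket.socket(socket.AF_UNIX, sock_type) as client:
            try:
                client.connect(path)
                result[name] = "ok"
            except OSError as exc:
                result[name] = errno.errorcode.get(exc.errno, str(exc.errno))
    return result


def demo(listener):
    """Bind a constructed stand-in for /dev/log of the given type and probe it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "log")  # constructed path, not the real /dev/log
        with socket.socket(socket.AF_UNIX, TYPES[listener]) as server:
            server.bind(path)
            if listener == "stream":
                server.listen(4)  # like a unix-stream() source
            return probe(path)


if __name__ == "__main__":
    for listener in TYPES:
        print(listener, "listener:", demo(listener))
    # On a live host, show which type the local log socket accepts.
    if os.path.exists("/dev/log"):
        print("/dev/log:", probe("/dev/log"))
```

Running `probe("/dev/log")` on a log host after a syslog daemon change shows whether local senders of each type can still reach it, which is a quick check for a silent gap in kernel or audit-relevant logging.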

participants (4)
- Jerome Peducasse
- Michael Renner
- Roscoe
- Stephan Uhlmann