Syslog-ng 3.x and kernel messages
I've used syslog-ng 1.x and 2.x, but am new to using 3.x. I'm using syslog-ng 3.0.3 on a FreeBSD 8.0 server. I'm having trouble getting kernel messages. I've made a very small config file, and this isn't working either. @version:3.0 source local { internal(); file("/dev/klog"); unix-dgram("/var/run/log"); }; destination all { file("/var/log/all.log"); }; log { source(local); destination(all); }; This picks up other things, but not the kernel messages. I assume it's a small configuration issue. Let me know. Thanks. Phusion
I don't use FreBSD, but under linux the kernel messages are in /dev/kmsg source local { internal(); unix-stream("/dev/log"); file("/proc/kmsg" log_prefix("kernel: ")); unix-dgram("/var/run/log"); }; ________________________________________ From: syslog-ng-bounces@lists.balabit.hu [syslog-ng-bounces@lists.balabit.hu] On Behalf Of Phusion [phusion2k@gmail.com] Sent: Sunday, February 21, 2010 9:41 AM To: syslog-ng@lists.balabit.hu Subject: [syslog-ng] Syslog-ng 3.x and kernel messages I've used syslog-ng 1.x and 2.x, but am new to using 3.x. I'm using syslog-ng 3.0.3 on a FreeBSD 8.0 server. I'm having trouble getting kernel messages. I've made a very small config file, and this isn't working either. @version:3.0 source local { internal(); file("/dev/klog"); unix-dgram("/var/run/log"); }; destination all { file("/var/log/all.log"); }; log { source(local); destination(all); }; This picks up other things, but not the kernel messages. I assume it's a small configuration issue. Let me know. Thanks. Phusion ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
On Sun, Feb 21, 2010 at 12:04 PM, Evan Rempel <erempel@uvic.ca> wrote:
I don't use FreBSD, but under linux the kernel messages are in /dev/kmsg
source local { internal(); unix-stream("/dev/log"); file("/proc/kmsg" log_prefix("kernel: ")); unix-dgram("/var/run/log"); };
________________________________________ From: syslog-ng-bounces@lists.balabit.hu [syslog-ng-bounces@lists.balabit.hu] On Behalf Of Phusion [phusion2k@gmail.com] Sent: Sunday, February 21, 2010 9:41 AM To: syslog-ng@lists.balabit.hu Subject: [syslog-ng] Syslog-ng 3.x and kernel messages
I've used syslog-ng 1.x and 2.x, but am new to using 3.x. I'm using syslog-ng 3.0.3 on a FreeBSD 8.0 server. I'm having trouble getting kernel messages. I've made a very small config file, and this isn't working either.
@version:3.0 source local { internal(); file("/dev/klog"); unix-dgram("/var/run/log"); }; destination all { file("/var/log/all.log"); }; log { source(local); destination(all); };
This picks up other things, but not the kernel messages. I assume it's a small configuration issue. Let me know. Thanks.
Phusion ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
FreeBSD uses the file /dev/klog. I have this working on a FreeBSD 8.0 machine running syslog-ng 2.0.10. Phusion
Hi, It's a known bug on FreeBSD and fixed in v3.0.5. Upgrade your syslog-ng, or use the follow_freq(0) option in kernel source, please. This patch fixed it: commit ea34eee9a1172c213aeccbf68ed4fa2881c97b29 Author: Balazs Scheidler <bazsi@balabit.hu> Date: Mon Nov 2 10:59:30 2009 +0100 affile: set follow_freq to 0 on FreeBSD kernel messages FreeBSD uses /dev/klog character device for kernel messages. But since the file source driver set follow_freq to 0 only on Linux, this meant that FreeBSD config files needed an explicit follow_freq(0) in their /dev/klog source definition. This patch makes this the default on /dev/klog if the __FreeBSD__ macro is defined. diff --git a/src/affile.c b/src/affile.c index 3b92a85..15dbee0 100644 --- a/src/affile.c +++ b/src/affile.c @@ -395,13 +395,17 @@ affile_sd_new(gchar *filename, guint32 flags) { if ((self->flags & AFFILE_PIPE) == 0) self->reader_options.follow_freq = 1000; - + + if (0 || #if __linux__ - if (strcmp(filename, "/proc/kmsg") == 0) + (strcmp(filename, "/proc/kmsg") == 0) || +#elif __FreeBSD__ + (strcmp(filename, "/dev/klog") == 0) || +#endif + 0) { self->reader_options.follow_freq = 0; } -#endif } #if __linux__ if (strcmp(filename, "/proc/kmsg") == 0) Phusion wrote:
I've used syslog-ng 1.x and 2.x, but am new to using 3.x. I'm using syslog-ng 3.0.3 on a FreeBSD 8.0 server. I'm having trouble getting kernel messages. I've made a very small config file, and this isn't working either.
@version:3.0 source local { internal(); file("/dev/klog"); unix-dgram("/var/run/log"); }; destination all { file("/var/log/all.log"); }; log { source(local); destination(all); };
This picks up other things, but not the kernel messages. I assume it's a small configuration issue. Let me know. Thanks.
Phusion ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
-- pzolee
participants (3)
-
Evan Rempel
-
Phusion
-
Zoltán Pallagi