[syslog-ng] Problems with kernel logging
Brian K. Mohr
bkmohr@Princeton.EDU
Wed, 17 May 2000 14:17:13 -0400
Greetings:
Sorry if this rehashes old territory--I've seen this issue addressed in
the list archives. Unfortunately, I've reached an impasse.
I'm currently running syslog-ng on a test system, with all logs being
sent to a single file so that I can monitor what syslog-ng is (or isn't)
doing. As far as I can tell, all facilities are being logged except for
'kern.*'. I'm running it on Red Hat 6.2 (intel) as a drop-in replacement
for syslogd (it is started prior to klogd, version 1.3-3).
As suggested in a prior posting on this topic, I've run 'strace -f' on
klogd with both syslogd and syslog-ng (and ipchains logging all denied
packets so there should be plenty of logging to kern.info) with the
following result:
===syslogd sample===
read(0, "<6>Packet log: input DENY eth0 P"..., 4095) = 121
time([958581388]) = 958581388
write(1, "<6>May 17 12:36:28 kernel: Packe"..., 146) = 146
===syslog-ng sample===
read(0, "<6>Packet log: input DENY eth0 P"..., 4095) = 114
connect(1, {sin_family=AF_UNIX, path="/dev/log"}, 10) = -1 EPROTOTYPE (Protocol wrong type for socket)
time([958581560]) = 958581560
write(1, "<6>May 17 12:39:20 kernel: Packe"..., 139) = -1 ENOTCONN (Transport endpoint is not connected)
It would appear that klogd is _trying_ to log to /dev/log, but fails
when syslog-ng is running. I do see kernel messages sent from remote
hosts (still running syslogd) in the destination file, just not for the
local host.
source local { unix-stream("/dev/log"); internal(); }; # no kern.*
source net { udp(ip(0.0.0.0) port(514)); }; # kern facility OK
Any suggestions? Thanks in advance!
--Brian
--
Brian Mohr email: bkmohr@princeton.edu
Systems Administrator phone: (609) 258-2618
Atmospheric and Oceanic Sciences fax: (609) 258-2850
Princeton University
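
Added example (not part of the original post, and not klogd or syslog-ng code): on Linux, connect() returns EPROTOTYPE when a datagram client connects to a UNIX socket path that a stream listener owns, and the write that follows on the unconnected socket returns ENOTCONN, which is the pair of errors in the syslog-ng trace above. The sketch assumes the logging client opens a SOCK_DGRAM socket (inferred from the EPROTOTYPE in the trace), uses a temporary path as a stand-in for /dev/log, and sends a constructed message; replay() and DRIVERS are hypothetical names.

```python
import errno
import os
import socket
import tempfile

# syslog-ng source driver name -> socket type that driver listens with
DRIVERS = {"unix-stream": socket.SOCK_STREAM, "unix-dgram": socket.SOCK_DGRAM}


def _name(exc):
    """Symbolic errno name, as strace prints it."""
    return errno.errorcode.get(exc.errno, str(exc.errno))


def replay(driver, msg=b"<6>kernel: constructed test line"):
    """Listen like `driver`, then connect() and send() from a SOCK_DGRAM client.

    Returns (connect_result, write_result, delivered)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "log")  # stand-in for /dev/log (assumption)
        srv = socket.socket(socket.AF_UNIX, DRIVERS[driver])
        cli = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        try:
            srv.bind(path)
            if DRIVERS[driver] == socket.SOCK_STREAM:
                srv.listen(1)
            try:
                cli.connect(path)
                connected = "OK"
            except OSError as exc:
                connected = _name(exc)
            try:
                cli.send(msg)  # same call sequence as the trace: connect, then write
                written = "OK"
            except OSError as exc:
                written = _name(exc)
            # Only read back when the write succeeded, so recv() cannot block.
            delivered = written == "OK" and srv.recv(4096) == msg
            return connected, written, delivered
        finally:
            cli.close()
            srv.close()


if __name__ == "__main__":
    for driver in DRIVERS:
        print(driver, replay(driver))
```

When checking a log pipeline for silently dropped local messages, the socket type each side uses on /dev/log is the first thing to compare; a mismatch loses only local messages while UDP-forwarded ones still arrive.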