[syslog-ng]no kernel facility
Michael Renner
m.renner@inode.at
Thu, 14 Mar 2002 15:39:49 +0100
At 14:58 14.03.2002 +0100, you wrote:
>Hello.
>
>It seems that syslog-ng doesn't receive syslog messages of the "kern"
>facility. I have the following configuration (in reality a bit bigger but the
>other stuff is mostly configuration for receiving log messages from other
>hosts, it shouldn't affect this problem):
>
>---------
>options { sync (0);
> time_reopen (10);
> log_fifo_size (1000);
> long_hostnames (off);
> use_fqdn (no);
> create_dirs (yes);
> keep_hostname (yes);
> };
>
>source src { unix-stream("/dev/log"); internal(); };
>destination han_messages { file("/var/log/messages"); };
>log { source(src); destination(han_messages); };
>
>---------
>
>I don't think that there are no kernel messages generated by the system. Also
>with normal syslog I get the following messages when killing/starting klogd:
>
>Mar 14 13:11:59 han kernel: klogd 1.3-3, log source = /proc/kmsg started.
>Mar 14 13:11:59 han kernel: Inspecting /boot/System.map-2.2.16-SMP
>Mar 14 13:11:59 han kernel: Loaded 9539 symbols from
>/boot/System.map-2.2.16-SMP.
>Mar 14 13:11:59 han kernel: Symbols match kernel version 2.2.16.
>Mar 14 13:11:59 han kernel: Loaded 290 symbols from 7 modules.
>Mar 14 13:12:03 han kernel: Kernel logging (proc) stopped.
>Mar 14 13:12:03 han kernel: Kernel log daemon terminating.
>
>With syslog-ng I don't get these messages. So I suspect that there is a
>problem with syslog-ng getting the messages from klogd.
I really don't know any reason why somebody should want to use klogd when
running syslog-ng. Kill klogd, put "pipe("/proc/kmsg");" into your "src"
source statement, HUP syslog-ng and everything should be fine.
best regards
--
Renner Michael
Junior System Engineer
Inode Telekommunikationsdienstleistungs GmbH - http://www.inode.at
support@inode.at, Tel.: 05 9999-0, Fax.: 05 9999-2699