[syslog-ng]Syslog Dropping Information

Mathieu MILLET htam@nerim.net
Mon, 06 May 2002 09:55:13 +0200 (CEST)


     Hi,

I think I got the same problem than you. The trick is that syslog-ng is
restarted  when logs are rotated by logrotate, but not klogd. klogd needs some
sort of pipe to a 'syslog' daemon. So, if you restart syslog-ng, klogd still
sends data through the pipe to nowhere.

klogd needs to be restarted AFTER syslog-ng. So, at rotation time, restart both
syslog-ng and klogd.

I hope it will help.

Sincerely, Mathieu.

Quoting Jim Gifford <maillist@jg555.com>:

> I have noticed over the last few weeks, that it seems that I have been
> dropping information from the kernel log. I am not sure if it is my
> configuration. I have tried two different ways of accessing information
> from
> /proc/kmsg. I have tried pipe without klogd. I have tried file with
> klogd.
> It seems to happen at random times.
> 
> Here is my system information.
> Linux 2.4.18
> Syslog-ng 1.5.17
> 
> Here is a copy of my config.
> 
> options {     sync (0);
>                    time_reopen (10);
>                    log_fifo_size (1000);
>                    long_hostnames(off);
>                    use_dns (no);
>                    use_fqdn (no);
>                    create_dirs (no);
>                    keep_hostname (yes);
> };
> 
> source src {     unix-stream("/dev/log");
>                        internal();
>                        file("/proc/kmsg");
> };
> 
> destination authlog { file("/var/log/authorize.log"); };
> destination syslog { file("/var/log/syslog.log"); };
> destination fcron { file("/var/log/fcron.log"); };
> destination daemon { file("/var/log/daemon.log"); };
> destination kernel { file("/var/log/kernel.log"); };
> destination cups { file("/var/log/cups.log"); };
> destination user { file("/var/log/user.log"); };
> destination mail { file("/var/log/mail.log"); };
> destination fetchmail { file("/var/log/fetchmail.log"); };
> destination news { file("/var/log/news.log"); };
> destination debug { file("/var/log/debug.log"); };
> destination messages { file("/var/log/messages.log"); };
> destination everything { file("/var/log/everything.log"); };
> destination console { usertty("root"); };
> destination console_all { file("/dev/tty12"); };
> destination iptables { file("/var/log/iptables.log"); };
> destination hacker { file("/var/log/hacker.log"); };
> 
> filter f_auth { facility(auth); };
> filter f_authpriv { facility(auth, authpriv); };
> filter f_syslog { not facility(authpriv, mail); };
> filter f_fcron { facility(cron); };
> filter f_daemon { facility(daemon); };
> filter f_kernel { facility(kern); };
> filter f_cups { facility(lpr); };
> filter f_mail { facility(mail); };
> filter f_fetchmail { match("fetchmail"); };
> filter f_news { facility(news); };
> filter f_user { facility(user); };
> filter f_news { facility(news); };
> filter f_debug { not facility(auth, authpriv, news, mail); };
> filter f_messages { level(info..warn) and not facility(auth, authpriv,
> mail,
> news); };
> filter f_everything { level(debug..emerg); };
> filter f_iptables { match("IN="); };
> filter f_hacker { match("Hacker"); };
> filter f_emergency { level(emerg); };
> filter f_info { level(info); };
> filter f_notice { level(notice); };
> filter f_warn { level(warn); };
> filter f_crit { level(crit); };
> filter f_err { level(err); };
> 
> log { source(src); filter(f_authpriv); destination(authlog); };
> log { source(src); filter(f_syslog); destination(syslog); };
> log { source(src); filter(f_fcron); destination(fcron); };
> log { source(src); filter(f_daemon); destination(daemon); };
> log { source(src); filter(f_kernel); destination(kernel); };
> log { source(src); filter(f_cups); destination(cups); };
> log { source(src); filter(f_mail); destination(mail); };
> log { source(src); filter(f_fetchmail); destination(fetchmail); };
> log { source(src); filter(f_news); destination(news); };
> log { source(src); filter(f_user); destination(user); };
> log { source(src); filter(f_debug); destination(debug); };
> log { source(src); filter(f_messages); destination(messages); };
> log { source(src); filter(f_emergency); destination(console); };
> log { source(src); filter(f_everything); destination(everything); };
> log { source(src); filter(f_iptables); destination(iptables); };
> log { source(src); filter(f_hacker); destination(hacker); };
> log { source(src); destination(console_all); };
> 
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> 



--
Mathieu MILLET
mailto:htam@nerim.net
----