[syslog-ng]Syslog Dropping Information

Jim Gifford maillist@jg555.com
Mon, 6 May 2002 10:23:40 -0700


So if I add the command to stop syslog-ng, do log rotation, then restart it
should be fine. I will give it a try tonight.

----- Original Message -----
From: "Mathieu MILLET" <htam@nerim.net>
To: <syslog-ng@lists.balabit.hu>
Sent: Monday, May 06, 2002 12:55 AM
Subject: Re: [syslog-ng]Syslog Dropping Information


>      Hi,
>
> I think I got the same problem than you. The trick is that syslog-ng is
> restarted  when logs are rotated by logrotate, but not klogd. klogd needs
some
> sort of pipe to a 'syslog' daemon. So, if you restart syslog-ng, klogd
still
> sends data through the pipe to nowhere.
>
> klogd needs to be restarted AFTER syslog-ng. So, at rotation time, restart
both
> syslog-ng and klogd.
>
> I hope it will help.
>
> Sincerely, Mathieu.
>
> Quoting Jim Gifford <maillist@jg555.com>:
>
> > I have noticed over the last few weeks, that it seems that I have been
> > dropping information from the kernel log. I am not sure if it is my
> > configuration. I have tried two different ways of accessing information
> > from
> > /proc/kmsg. I have tried pipe without klogd. I have tried file with
> > klogd.
> > It seems to happen at random times.
> >
> > Here is my system information.
> > Linux 2.4.18
> > Syslog-ng 1.5.17
> >
> > Here is a copy of my config.
> >
> > options {     sync (0);
> >                    time_reopen (10);
> >                    log_fifo_size (1000);
> >                    long_hostnames(off);
> >                    use_dns (no);
> >                    use_fqdn (no);
> >                    create_dirs (no);
> >                    keep_hostname (yes);
> > };
> >
> > source src {     unix-stream("/dev/log");
> >                        internal();
> >                        file("/proc/kmsg");
> > };
> >
> > destination authlog { file("/var/log/authorize.log"); };
> > destination syslog { file("/var/log/syslog.log"); };
> > destination fcron { file("/var/log/fcron.log"); };
> > destination daemon { file("/var/log/daemon.log"); };
> > destination kernel { file("/var/log/kernel.log"); };
> > destination cups { file("/var/log/cups.log"); };
> > destination user { file("/var/log/user.log"); };
> > destination mail { file("/var/log/mail.log"); };
> > destination fetchmail { file("/var/log/fetchmail.log"); };
> > destination news { file("/var/log/news.log"); };
> > destination debug { file("/var/log/debug.log"); };
> > destination messages { file("/var/log/messages.log"); };
> > destination everything { file("/var/log/everything.log"); };
> > destination console { usertty("root"); };
> > destination console_all { file("/dev/tty12"); };
> > destination iptables { file("/var/log/iptables.log"); };
> > destination hacker { file("/var/log/hacker.log"); };
> >
> > filter f_auth { facility(auth); };
> > filter f_authpriv { facility(auth, authpriv); };
> > filter f_syslog { not facility(authpriv, mail); };
> > filter f_fcron { facility(cron); };
> > filter f_daemon { facility(daemon); };
> > filter f_kernel { facility(kern); };
> > filter f_cups { facility(lpr); };
> > filter f_mail { facility(mail); };
> > filter f_fetchmail { match("fetchmail"); };
> > filter f_news { facility(news); };
> > filter f_user { facility(user); };
> > filter f_news { facility(news); };
> > filter f_debug { not facility(auth, authpriv, news, mail); };
> > filter f_messages { level(info..warn) and not facility(auth, authpriv,
> > mail,
> > news); };
> > filter f_everything { level(debug..emerg); };
> > filter f_iptables { match("IN="); };
> > filter f_hacker { match("Hacker"); };
> > filter f_emergency { level(emerg); };
> > filter f_info { level(info); };
> > filter f_notice { level(notice); };
> > filter f_warn { level(warn); };
> > filter f_crit { level(crit); };
> > filter f_err { level(err); };
> >
> > log { source(src); filter(f_authpriv); destination(authlog); };
> > log { source(src); filter(f_syslog); destination(syslog); };
> > log { source(src); filter(f_fcron); destination(fcron); };
> > log { source(src); filter(f_daemon); destination(daemon); };
> > log { source(src); filter(f_kernel); destination(kernel); };
> > log { source(src); filter(f_cups); destination(cups); };
> > log { source(src); filter(f_mail); destination(mail); };
> > log { source(src); filter(f_fetchmail); destination(fetchmail); };
> > log { source(src); filter(f_news); destination(news); };
> > log { source(src); filter(f_user); destination(user); };
> > log { source(src); filter(f_debug); destination(debug); };
> > log { source(src); filter(f_messages); destination(messages); };
> > log { source(src); filter(f_emergency); destination(console); };
> > log { source(src); filter(f_everything); destination(everything); };
> > log { source(src); filter(f_iptables); destination(iptables); };
> > log { source(src); filter(f_hacker); destination(hacker); };
> > log { source(src); destination(console_all); };
> >
> >
> > _______________________________________________
> > syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >
>
>
>
> --
> Mathieu MILLET
> mailto:htam@nerim.net
> ----
>
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
>