[syslog-ng]Kernel logging stops on reload
Paul Chambers
syslog-ng@lists.balabit.hu
Sun, 2 Mar 2003 12:22:30 -0800
I saw some discussion on a similar subject on the list a while back, but
I don't think it dealt with this specifically.
I run logrotate nightly, and it executes '/usr/bin/killall -HUP
syslog-ng' after rotating the logs. After that, I get no more logging
from the kernel until I manually restart syslog-ng ('service syslog-ng
restart').
I realize I could ditch klogd and use syslog-ng exclusively, but I'm
reluctant to drop support for kernel symbols.
Any insights?
Paul
__________________________
Versions:
syslog-ng 1.6.0rc1 (also seen with 1.5.26)
klogd 1.4.1
linux kernel 2.4.18-15clx (Celestix distro, mandrake-based)
killall (psmisc v19)
__________________________
Here's my syslog-ng.conf. I've tried the unix-dgram statement with and
without 'keep-alive(yes) max-connections(512)' just to be sure (I don't
think those options apply to unix-dgram?). I'll be changing the 'logall'
target to feed logsurfer, once I've got that working the way I'd like.
# syslog-ng configuration file.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
options { sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};
source sys { unix-dgram ("/dev/log" keep-alive(yes)
max-connections(512)); internal(); };
source remote { udp(); };
destination auth { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination user { file("/var/log/user.log"); };
destination mesg { file("/var/log/messages"); };
destination secure { file("/var/log/secure"); };
destination mailinfo { file("/var/log/mail/info"); };
destination mailwarn { file("/var/log/mail/warnings"); };
destination mailerr { file("/var/log/mail/errors"); };
destination croninfo { file("/var/log/cron/info"); };
destination cronwarn { file("/var/log/cron/warnings"); };
destination cronerr { file("/var/log/cron/error"); };
destination kerninfo { file("/var/log/kernel/info"); };
destination kernwarn { file("/var/log/kernel/warnings"); };
destination kernerr { file("/var/log/kernel/error"); };
destination lprinfo { file("/var/log/lpr/info"); };
destination lprwarn { file("/var/log/lpr/warnings"); };
destination lprerr { file("/var/log/lpr/error"); };
destination newsinfo { file("/var/log/news/info"); };
destination newswarn { file("/var/log/news/warnings"); };
destination newserr { file("/var/log/news/error"); };
destination daemoninfo { file("/var/log/daemons/info"); };
destination daemonwarn { file("/var/log/daemons/warnings"); };
destination daemonerr { file("/var/log/daemons/errors"); };
destination spool { file("/var/log/spooler"); };
destination boot { file("/var/log/boot.log"); };
destination logall { file("/var/log/everything.log"); };
destination mailall { usertty("*"); };
# Generic filters
filter f_info { level(debug,info,notice); };
filter f_warn { level(warn); };
filter f_error { level(error); };
filter f_emergency { level(emerg); };
filter f_mail { facility(mail); };
filter f_cron { facility(cron); };
filter f_kernel { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_news { facility(news); };
filter f_daemon { facility(daemon); };
# Specific filters
filter f_authonly { facility(auth,authpriv); };
filter f_user { facility(user); };
# Log anything (except mail) of level info or higher
# Don't log private authentication messages
filter f_mesgs { level(info..warn) and not
facility(mail,authpriv); };
# authpriv logging (restricted)
filter f_secure { facility(authpriv); };
filter f_spool { facility(uucp) or (facility(news) and
level(crit)); };
filter f_boot { facility(local7); };
filter f_syslog { not facility(auth, authpriv); };
# Log to logfiles
log { source(sys); destination(logall); };
log { source(sys); filter(f_spool); destination(spool); };
log { source(sys); filter(f_boot); destination(boot); };
log { source(sys); filter(f_user); destination(user); };
log { source(sys); filter(f_secure); destination(secure); };
log { source(sys); filter(f_syslog); destination(syslog); };
log { source(sys); filter(f_mesgs); destination(mesg); };
log { source(sys); filter(f_authonly); destination(auth); };
log { source(sys); filter(f_mail); filter(f_info);
destination(mailinfo); };
log { source(sys); filter(f_mail); filter(f_warn);
destination(mailwarn); };
log { source(sys); filter(f_mail); filter(f_error);
destination(mailerr); };
log { source(sys); filter(f_cron); filter(f_info);
destination(croninfo); };
log { source(sys); filter(f_cron); filter(f_warn);
destination(cronwarn); };
log { source(sys); filter(f_cron); filter(f_error);
destination(cronerr); };
log { source(sys); filter(f_kernel); filter(f_info);
destination(kerninfo); };
log { source(sys); filter(f_kernel); filter(f_warn);
destination(kernwarn); };
log { source(sys); filter(f_kernel); filter(f_error);
destination(kernerr); };
log { source(sys); filter(f_lpr); filter(f_info); destination(lprinfo);
};
log { source(sys); filter(f_lpr); filter(f_warn); destination(lprwarn);
};
log { source(sys); filter(f_lpr); filter(f_error); destination(lprerr);
};
log { source(sys); filter(f_news); filter(f_info);
destination(newsinfo); };
log { source(sys); filter(f_news); filter(f_warn);
destination(newswarn); };
log { source(sys); filter(f_news); filter(f_error);
destination(newserr); };
log { source(sys); filter(f_daemon); filter(f_info);
destination(daemoninfo); };
log { source(sys); filter(f_daemon); filter(f_warn);
destination(daemonwarn); };
log { source(sys); filter(f_daemon); filter(f_error);
destination(daemonerr); };
# Log to console
log { source(sys); filter(f_emergency); destination(mailall); };
__________________________
Here's my logrotate.conf:
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# send errors to root
errors root
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
compress
# don't archive if the log is empty
notifempty
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp -- we'll rotate it here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
# system-specific logs may be configured here
# catchall that will rotate anything with the normal naming convention
/var/log/*log {
weekly
notifempty
sharedscripts
prerotate
/usr/local/etc/logcheck.sh
endscript
postrotate
/usr/bin/killall -HUP syslog-ng
endscript
}