[syslog-ng]There's no need to run klogd on current linux
kernels
Balazs Scheidler
syslog-ng@lists.balabit.hu
Thu, 03 Feb 2005 10:00:56 +0100
On Wed, 2005-02-02 at 11:39 -0500, Philip J. Hollenback wrote:
> The syslog-ng reference manual
>
> http://www.balabit.com/products/syslog_ng/reference/reference.html#AEN279
>
> contains the following:
>
> > NOTE: on Linux, the klogd daemon reads kernel messages, and
> > forwards them to the syslogd process. klogd preprocesses kernel
> > messages and replaces addresses with symbolic names (from
> > /boot/System.map). If you don't want to lose this functionality
> > you'll have to run klogd with syslog-ng as well.
>
> That info is obsolete. We run 2.4.22 and 2.6.10 kernels at
> my company, and both provide symbolic names in backtraces. You can
> verify this by looking at "dmesg" after an oops - it contains symbolic
> names, and that is the raw kernel log output.
I think in 2.4.22 it is a RedHat specific patch which does this. I've
added this patch to the documentation:
diff -u -r1.23.4.4 syslog-ng.sgml
--- syslog-ng.sgml 6 May 2004 08:57:52 -0000 1.23.4.4
+++ syslog-ng.sgml 3 Feb 2005 09:00:08 -0000
@@ -735,11 +735,13 @@
</example>
<note>
<para>
- NOTE: on Linux, the klogd daemon reads kernel messages, and
- forwards them to the syslogd process. klogd preprocesses
- kernel messages and replaces addresses with symbolic names
- (from /boot/System.map). If you don't want to lose this
- functionality you'll have to run klogd with syslog-ng as well.
+ NOTE: on Linux, historically the klogd daemon was used to read
+ kernel messages and forward them to the syslogd process. klogd
+ preprocessed kernel messages and replaced addresses with
+ symbolic names (from /boot/System.map), but this method of
+ symbol resolving has been deprecated by the ksymoops utility and
+ similar kernel features. For these reasons it is not recommended
+ to use both klogd and syslog-ng at the same time.
</para>
</note>
</sect2>
--
Bazsi