[syslog-ng] ignore src{}; contents at startup?
Brian A. Seklecki
lavalamp at spiritual-machines.org
Wed Oct 12 07:39:49 CEST 2005
All:
On FreeBSD, /dev/klog provides for output from the kernel (normally
redirected to /dev/console before syslog starts).
At startup, /etc/rc.d/dmesg copies the kernel boot hardware paramters to
/var/run/dmesg.boot.
If I have my src(); set to:
source src { unix-dgram("/var/run/log");
unix-dgram("/var/run/logpriv" perm(0600));
internal(); file("/dev/klog"); };
...at starup, syslog-ng drains the contents of /dev/klog. By default it
tsends to them to user.notice.
I like to log{} these to an SMS pager (so I know if a RAID is failing or
other hardware problem). However, I'd like to avoid duplication of the
efforts of /etc/rc.d/dmesg on behalf of syslog-ng(8) ...especially since I
route user.notice to my pager, and kernel boot dmesg(8) can grow over 50
lines.
/dev/klog really isn't a socket. It's a special char device.
Is there anyway to tell syslog-ng(8) to ignore it's contents at startup?
If it was tail(1), i'd say "tail -0 -f /file".
Perhaps clear out the contents of /dev/klog somehow?
TIA,
~BAS
More information about the syslog-ng
mailing list