[syslog-ng] ignore src{}; contents at startup?
Jens Grigel
jens.grigel at sskm.de
Wed Oct 12 14:21:25 CEST 2005
On Wed, 2005-10-12 at 07:39, Brian A. Seklecki wrote:
> All:
>
> On FreeBSD, /dev/klog provides for output from the kernel (normally
> redirected to /dev/console before syslog starts).
>
> At startup, /etc/rc.d/dmesg copies the kernel boot hardware paramters to
> /var/run/dmesg.boot.
>
> If I have my src(); set to:
>
> source src { unix-dgram("/var/run/log");
> unix-dgram("/var/run/logpriv" perm(0600));
> internal(); file("/dev/klog"); };
>
> ...at starup, syslog-ng drains the contents of /dev/klog. By default it
> tsends to them to user.notice.
>
> I like to log{} these to an SMS pager (so I know if a RAID is failing or
> other hardware problem). However, I'd like to avoid duplication of the
> efforts of /etc/rc.d/dmesg on behalf of syslog-ng(8) ...especially since I
> route user.notice to my pager, and kernel boot dmesg(8) can grow over 50
> lines.
>
>
> /dev/klog really isn't a socket. It's a special char device.
>
>
> Is there anyway to tell syslog-ng(8) to ignore it's contents at startup?
> If it was tail(1), i'd say "tail -0 -f /file".
>
> Perhaps clear out the contents of /dev/klog somehow?
>
dmesg (on Linux, sorry, don't know if this is available on FreeBSD) has
the command line switch "-c" for clearing the kernel ring buffer after
printing. Maybe adding a line like:
dmesg -c >/dev/null
in the syslog-ng startup script just before starting the syslog-ng
daemon if the behaviour of dmesg on FreeBSD is comparable to the one on
Linux?
--
Jens Grigel
Citysavingsbank Munich, Germany
Dep. of Network and Security
More information about the syslog-ng
mailing list