[syslog-ng] buffer logs from initramfs until syslog-ng starts

[Patrick H.]

So I'm trying to find a way to buffer logs from extremely early in the 
boot process (from when the initramfs is still running), and then dump 
them to syslog-ng once it starts. Has anyone done anything similar?

The only real idea that comes to mind is to use busybox's syslogd and 
have it use a circular buffer, then configure syslog-ng with a program 
source that reads the buffer and then terminates the the daemon 
(something like 'logread ; pkill -x syslogd &>/dev/null'), and set 
follow_freq to 0. Whether this will work or not, I dont know as I've 
never played with program sources. Also a problem I see with this is 
that the busybox syslogd would need to be killed before syslog-ng tries 
to open /dev/log and /proc/kmsg, but I'm not sure how to go about that.

I do seem to recall some other utility I've ran across in my travels 
that is designed for this exact purpose, in that it buffers syslog 
messages during boot, then dumps its buffer once the main syslog daemon 
has started and terminates, but I cant remember what its called (and 
google is failing me).

So does anyone have any good ideas for solving this situation?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20110914/d6644432/attachment.htm