Re: syslog isn't logging messages

To: debian-user@lists.debian.org
Subject: Re: syslog isn't logging messages
From: bmcnally@gmail.com
Date: 29 Jan 2006 21:39:42 -0800
Message-id: <[🔎] 1138599582.157988.315880@o13g2000cwo.googlegroups.com>
In-reply-to: <5AnrV-4rs-41@gated-at.bofh.it>
References: <[🔎] 43DBE43F.1030100@gmail.com> <[🔎] 43DBFFEA.4090004@molphys.leidenuniv.nl> <[🔎] 1138496219.713403.172060@g49g2000cwa.googlegroups.com> <[🔎] 43DCEABE.4070000@molphys.leidenuniv.nl>

Ok, I've downloaded and extracted both klogd and sysklogd. It looks
like the only file that changed as syslog.conf ( as expected). Below is
the diff from the fresh copy and what I had.

~/temp $ diff ./etc/syslog.conf /etc/syslog.conf
19a20,22
> # Logging for dropped packets through iptables
> kern.warn                     /var/log/firewall
>
54,57c57,60
< #daemon,mail.*;\
< #     news.=crit;news.=err;news.=notice;\
< #     *.=debug;*.=info;\
< #     *.=notice;*.=warn       /dev/tty8
---
> daemon,mail.*;\
>       news.=crit;news.=err;news.=notice;\
>       *.=debug;*.=info;\
>       *.=notice;*.=warn       /dev/tty8
67,71c70,73
< daemon.*;mail.*;\
<       news.crit;news.err;news.notice;\
<       *.=debug;*.=info;\
<       *.=notice;*.=warn       |/dev/xconsole
<
---
> #daemon.*;mail.*;\
> #     news.crit;news.err;news.notice;\
> #     *.=debug;*.=info;\
> #     *.=notice;*.=warn       |/dev/xconsole

I'm not sure I see anything there that's concerning, given that kern.*
should have always been logged to /var/log/kern.log with both config
files. Just for completeness I decided to replace syslog.conf with the
fresh version and restart /etc/init.d/sysklogd. I subsequently watched
/var/log/kern.log for output and didn't see anything, even though I
most certainly have the following line in /etc/syslog.conf:

kern.*                          -/var/log/kern.log

Note though that dmesg is getting input from iptables and syslogd/klogd
(however it works), because I can see entries in dmesg that relate
directly to rules I've got set up in iptables. Just entries in
syslog.conf that have use the kern facility will get logged such that
dmesg can see them, right?

Also, I found something interesting looking through man klogd:

"In Linux there are two potential sources of kernel log information:
the /proc  file  system  and  the  syscall (sys_syslog) interface,
although ultimately they are one and the same.   Klogd  is designed  to
 choose whichever  source of information is the most appropriate.  It
does this by first checking for the presence of a mounted /proc file
system.   If this  is  found the /proc/kmsg file is used as the source
of kernel log information.  If the proc file system is not mounted
klogd uses a  sys- tem  call  to obtain kernel messages.  The command
line switch (-s) can be used to force klogd to use the system call
interface as its messag-ing source."

When I do:
$ sudo less /proc/kmsg

Things hang for a while and then eventually I see something that looks
almost identical to the iptables logs I see through dmesg. The file
itselft, however is 0 bytes in length...

$ ls -l /proc/kmsg
-r--------  1 root root 0 2005-07-22 22:34 /proc/kmsg

Is this a function of /proc being "special" in some sense?

Reply to:

References:
- syslog isn't logging messages
  - From: Brian McNally <bmcnally@gmail.com>
- Re: syslog isn't logging messages
  - From: Florian Kulzer <florian@molphys.leidenuniv.nl>
- Re: syslog isn't logging messages
  - From: bmcnally@gmail.com
- Re: syslog isn't logging messages
  - From: Florian Kulzer <florian@molphys.leidenuniv.nl>

Prev by Date: Re: 2.6.8 Kernel Problem with Stable
Next by Date: Re: Logging of mail events from Postfix to syslog and rotation of the mail logs
Previous by thread: Re: syslog isn't logging messages
Next by thread: Render acceleration ATI
Index(es):
- Date
- Thread