Re: syslog isn't logging messages
Ok, I've downloaded and extracted both klogd and sysklogd. It looks
like the only file that changed as syslog.conf ( as expected). Below is
the diff from the fresh copy and what I had.
~/temp $ diff ./etc/syslog.conf /etc/syslog.conf
19a20,22
> # Logging for dropped packets through iptables
> kern.warn /var/log/firewall
>
54,57c57,60
< #daemon,mail.*;\
< # news.=crit;news.=err;news.=notice;\
< # *.=debug;*.=info;\
< # *.=notice;*.=warn /dev/tty8
---
> daemon,mail.*;\
> news.=crit;news.=err;news.=notice;\
> *.=debug;*.=info;\
> *.=notice;*.=warn /dev/tty8
67,71c70,73
< daemon.*;mail.*;\
< news.crit;news.err;news.notice;\
< *.=debug;*.=info;\
< *.=notice;*.=warn |/dev/xconsole
<
---
> #daemon.*;mail.*;\
> # news.crit;news.err;news.notice;\
> # *.=debug;*.=info;\
> # *.=notice;*.=warn |/dev/xconsole
I'm not sure I see anything there that's concerning, given that kern.*
should have always been logged to /var/log/kern.log with both config
files. Just for completeness I decided to replace syslog.conf with the
fresh version and restart /etc/init.d/sysklogd. I subsequently watched
/var/log/kern.log for output and didn't see anything, even though I
most certainly have the following line in /etc/syslog.conf:
kern.* -/var/log/kern.log
Note though that dmesg is getting input from iptables and syslogd/klogd
(however it works), because I can see entries in dmesg that relate
directly to rules I've got set up in iptables. Just entries in
syslog.conf that have use the kern facility will get logged such that
dmesg can see them, right?
Also, I found something interesting looking through man klogd:
"In Linux there are two potential sources of kernel log information:
the /proc file system and the syscall (sys_syslog) interface,
although ultimately they are one and the same. Klogd is designed to
choose whichever source of information is the most appropriate. It
does this by first checking for the presence of a mounted /proc file
system. If this is found the /proc/kmsg file is used as the source
of kernel log information. If the proc file system is not mounted
klogd uses a sys- tem call to obtain kernel messages. The command
line switch (-s) can be used to force klogd to use the system call
interface as its messag-ing source."
When I do:
$ sudo less /proc/kmsg
Things hang for a while and then eventually I see something that looks
almost identical to the iptables logs I see through dmesg. The file
itselft, however is 0 bytes in length...
$ ls -l /proc/kmsg
-r-------- 1 root root 0 2005-07-22 22:34 /proc/kmsg
Is this a function of /proc being "special" in some sense?
Reply to: