| View previous topic :: View next topic |
| Author |
Message |
tholin
Apprentice
Joined: 04 Oct 2008
Posts: 204
|
 Posted: Sun Mar 22, 2015 8:20 am Post subject: syslog-ng-3.6.2 doesn't log dmesg anymore? |
 |
|
After upgrading to syslog-ng-3.6.2 from 3.4.8 I no longer get dmesg messages in the log. I'm using the same config as before. Downgrading back to 3.4.8 gives me dmesg again.
My /etc/syslog-ng/syslog-ng.conf
| Code: | @version: 3.4
@include "scl.conf"
options {
threaded(yes);
chain_hostnames(no);
stats_freq(43200);
mark_freq(0);
};
source src { system(); internal(); };
destination messages { file("/var/log/messages"
template("$FULLDATE $HOST [$LEVEL] $MSG\n")
template_escape(no)); };
destination console_all { file("/dev/tty12"); };
destination rss_notif { program("/home/cocobo/Programmering/work/rssnotify/syslog_redirect.pl"
template("Syslog [$LEVEL] $MSG\n")
template_escape(no)); };
#remove annoying cron messages
filter f_not_cron_test { not facility(cron) or not level(info); };
filter f_critical { level(warn .. emerg); };
log { source(src); filter(f_not_cron_test); destination(messages); };
log { source(src); filter(f_not_cron_test); destination(console_all); };
log { source(src); filter(f_critical); destination(rss_notif); };
|
Reading the changelog the only relevant change I can find it this: "The system() source will not add /dev/kmsg (or /proc/kmsg on older kernels) to the default sources if using the systemd journal, because kernel logs are included in the journal." But I'm not using systemd and don't use the systemd useflag. |
|
| Back to top |
|
 |
steveL
Watchman
Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery
|
| Posted: Sun Mar 22, 2015 1:40 pm Post subject: |
|
|
| File a bug; quickest way to get it sorted. |
|
| Back to top |
|
|
Goverp
Advocate
Joined: 07 Mar 2007
Posts: 2056
|
| Posted: Wed Apr 29, 2015 6:37 pm Post subject: |
|
|
I've hit the exact same problem, so I've filled a bug.
_________________
Greybeard |
|
| Back to top |
|
|
teika
Apprentice
Joined: 19 Feb 2011
Posts: 160
Location: YYYY-MM-DD, period. Have you ever used the Internet?
|
| Posted: Tue Aug 07, 2018 6:24 am Post subject: |
|
|
Can anyone make it possible with some setting in syslog-ng.conf? It looks possible from /usr/share/doc/syslog-ng-<ver>/syslog-ng.conf.doc.bz2, by adding the lines:
| Code: | source s_kernel
{ file("/proc/kmsg" program_override("kernel")); };
log { source(s_kernel); destination(message); }; |
But it will fail:
| Code: | root ~ $ /etc/init.d/syslog-ng restart
* Stopping syslog-ng ... [ ok ]
* Checking your configfile (/etc/syslog-ng/syslog-ng.conf) ... [ ok ]
* Starting syslog-ng ...
[2018-01-07T01:23:45.678900] Error checking the uniqueness of the persist names, please override it with persist-name option. Shutting down.; persist_name='affile_sd_curpos(/proc/kmsg)', location='/etc/syslog-ng/syslog-ng.conf:56:3'
* start-stop-daemon: failed to start `/usr/sbin/syslog-ng'
* Failed to start syslog-ng [ !! ]
* ERROR: syslog-ng failed to start |
From git log (do git clone https://github.com/balabit/syslog-ng.git; git log -Skmsg), they have done something for the better support of kmsg, but they seem to hve failed provide the doc. Ugh...
(See also this gentoo-bug.) |
|
| Back to top |
|
|
Goverp
Advocate
Joined: 07 Mar 2007
Posts: 2056
|
| Posted: Tue Aug 07, 2018 2:45 pm Post subject: |
|
|
teika,
This is a very old thread. As is the bug, which you link to, and is the one I posted three years ago.
The kmsg problem was bypassed by a patch (also antique). I'm not sure if it still gets applied - the bug report currently says not.
I'm now running app-admin/syslog-ng-3.13.2, and whether or not the patch is being applied, I'm not seeing the problem. After a reboot, you can see syslog-ng starting, then all the stuff you get in dmesg, as well as any other logging. Which is as it should be - the "system" source is supposed to catch kmsg records as well as internal ones.
The config snippet for s_kernel you posted is already included in the system source on a linux build of syslog-ng. IIUC the error message you get is syslog-ng spotting the duplicate handling of system and s_kernel.
Are you running systemd? IIUC, syslog-ng has a special source to be used instead of system.
_________________
Greybeard |
|
| Back to top |
|
|
teika
Apprentice
Joined: 19 Feb 2011
Posts: 160
Location: YYYY-MM-DD, period. Have you ever used the Internet?
|
| Posted: Tue Aug 07, 2018 10:34 pm Post subject: |
|
|
Oh, oh, syslog-ng-3.16.1 as desired collects the dmesg ouput without the patch. Haven't tested former versions yet.
Edit :The original post below *was* wrong. Soryy for mess.
My gentoo is without systemd, and I need the patch to catch the dmesg outputs into syslog-ng.
Then syslog-ng assumes systemd, and that's why only Gentoo users are concerned with this problem??
@Goverp Thanks for filing the bug. It's still relevant for us! |
|
| Back to top |
|
|
Goverp
Advocate
Joined: 07 Mar 2007
Posts: 2056
|
| Posted: Tue Nov 20, 2018 3:44 pm Post subject: The problem appears to be back - syslog-ng-3.17.2 |
|
|
I hadn't realized the patch was still being applied, until the latest stable syslog-ng-3.17.2 hit my machine, and the patch didn't fit. I investigated what syslog-ng was setting the system source to, using /usr/share/syslog-ng/tools/system-expand.sh and found it was still referencing /dev/kmsg, and handling that is broken by (syslog-ng's) design.
The following alternative to:
| Code: | | source src { system(); internal(); }; |
i.e.:
| Code: | source src {
channel {
source { unix-dgram("/dev/log" so_rcvbuf(8192)); };
rewrite { set("${.unix.pid}" value("PID") condition("${.unix.pid}" ne "")); };
};
file("/proc/kmsg");
internal();
}; |
works for me. It's expanding system() and effectively patching /dev/kmsg to /proc/kmsg. Unlike the system() implementation, it doesn't overwrite the "program" field in each message to "kernel", which I prefer, as I was losing sight of lines written by my initramfs.
I think it would be a problem if something other than syslog-ng also wants to read /proc/kmsg, but I can't see anyone wanting to do that.
_________________
Greybeard |
|
| Back to top |
|
|
Drag0nFly
n00b
Joined: 13 Sep 2019
Posts: 10
|
| Posted: Wed Oct 09, 2019 3:37 pm Post subject: |
|
|
I just hit this issue as well on an OpenRC system and was searching around till my face was dark-green in order for a workaround.
Thanks for the config tip, @Goverp - I've added it to syslog-ng.conf (using 3.23.1).
Guess I'll have to reboot to see whether this fix actually coaxed syslog-ng into doing what it is supposed to. Having just one (or two) boot outputs in /var/log/dmesg[.old] is not nearly sufficient.
Can't believe these idiotic changes that keep popping up all over the place (the last one was eudev disabling the rule-generator, which made all network interface renaming fail for eth[x] notations due to an apparent 'race condition' which nobody seem to be experiencing) |
|
| Back to top |
|
|
|
Portage & Programming
