Ok, I've downloaded and extracted both klogd and sysklogd. It looks like the only file that changed was syslog.conf (as expected). Below is the diff from the fresh copy and what I had.

~/temp $ diff ./etc/syslog.conf /etc/syslog.conf
19a20,22
> # Logging for dropped packets through iptables
> kern.warn /var/log/firewall
>
54,57c57,60
< #daemon,mail.*;\
< # news.=crit;news.=err;news.=notice;\
< # *.=debug;*.=info;\
< # *.=notice;*.=warn /dev/tty8
---
> daemon,mail.*;\
> news.=crit;news.=err;news.=notice;\
> *.=debug;*.=info;\
> *.=notice;*.=warn /dev/tty8
67,71c70,73
< daemon.*;mail.*;\
< news.crit;news.err;news.notice;\
< *.=debug;*.=info;\
< *.=notice;*.=warn |/dev/xconsole
<
---
> #daemon.*;mail.*;\
> # news.crit;news.err;news.notice;\
> # *.=debug;*.=info;\
> # *.=notice;*.=warn |/dev/xconsole

I'm not sure I see anything there that's concerning, given that kern.* should have always been logged to /var/log/kern.log with both config files.

Just for completeness I decided to replace syslog.conf with the fresh version and restart /etc/init.d/sysklogd. I subsequently watched /var/log/kern.log for output and didn't see anything, even though I most certainly have the following line in /etc/syslog.conf:

kern.* -/var/log/kern.log

Note though that dmesg is getting input from iptables and syslogd/klogd (however it works), because I can see entries in dmesg that relate directly to rules I've got set up in iptables. Just entries in syslog.conf that use the kern facility will get logged such that dmesg can see them, right?

Also, I found something interesting looking through man klogd:

"In Linux there are two potential sources of kernel log information: the /proc file system and the syscall (sys_syslog) interface, although ultimately they are one and the same. Klogd is designed to choose whichever source of information is the most appropriate. It does this by first checking for the presence of a mounted /proc file system. If this is found the /proc/kmsg file is used as the source of kernel log information. If the proc file system is not mounted klogd uses a system call to obtain kernel messages. The command line switch (-s) can be used to force klogd to use the system call interface as its messaging source."

When I do:

$ sudo less /proc/kmsg

Things hang for a while and then eventually I see something that looks almost identical to the iptables logs I see through dmesg. The file itself, however, is 0 bytes in length...

$ ls -l /proc/kmsg
-r-------- 1 root root 0 2005-07-22 22:34 /proc/kmsg

Is this a function of /proc being "special" in some sense?
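
Added example, not part of the original post and not sysklogd's own code: a simplified evaluator for syslog.conf selectors that reports which actions would receive a given facility.priority message, run over a constructed sample built from the selector lines in the diff above. The function names and the sample file are assumptions made for illustration; only the documented selector syntax (";" lists, "," facility lists, "*", "=", "!", "none") is modelled.

```python
import re

# Severity order used by syslog: index 0 is the most severe.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed sample assembled from the selector lines shown in the post.
SAMPLE_CONF = r"""
# Logging for dropped packets through iptables
kern.warn /var/log/firewall
kern.* -/var/log/kern.log
daemon,mail.*;\
 news.=crit;news.=err;news.=notice;\
 *.=debug;*.=info;\
 *.=notice;*.=warn /dev/tty8
"""

def parse_rules(text):
    """Yield (selectors, action) pairs, joining backslash-continued lines."""
    joined = re.sub(r"\\\n\s*", "", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selectors, action = line.split(None, 1)
            yield selectors, action.strip()

def accepted_priorities(selectors, facility):
    """Priorities of `facility` accepted by a ';'-separated selector list."""
    accepted = set()
    for selector in selectors.split(";"):
        facilities, _, pri = selector.rpartition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue
        negate, pri = pri.startswith("!"), pri.lstrip("!")
        exact, pri = pri.startswith("="), pri.lstrip("=")
        if pri == "none":  # facility.none drops everything matched so far
            accepted.clear()
            continue
        if pri == "*":
            chosen = set(PRIORITIES)
        else:
            idx = PRIORITIES.index(ALIASES.get(pri, pri))
            # "=pri" is that level only; plain "pri" is that level and more severe
            chosen = {PRIORITIES[idx]} if exact else set(PRIORITIES[: idx + 1])
        accepted = accepted - chosen if negate else accepted | chosen
    return accepted

def destinations(conf, facility, priority):
    """Actions in `conf` that would receive a facility.priority message."""
    priority = ALIASES.get(priority, priority)
    return [action for selectors, action in parse_rules(conf)
            if priority in accepted_priorities(selectors, facility)]
```

Calling destinations(SAMPLE_CONF, "kern", "warn") lists every action a kernel warning would be written to under these rules, which helps separate a selector problem from a klogd input problem.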