The recently posted security update of sysklogd (sysklogd-1.3.31-17) fails to log kernel messages: notably ipchains kernel packet logging. kill -SIGHUP [pidof syslogd] does not help the problem, restart message appears, but no packet logging.
I'm seeing the same thing. Getting the latest sysklogd RPMs from Red Hat doesn't fix. Nor does updating ipchains to 1.3.10 (this is on a system with Kernel 2.2.17 from tar). I do find a pertinent message from last 8 Dec 1999 on the ipchains list:
"Well I finally got around to figuring out this problem.
"This problem has to do with RedHat 6.1, a similar box running 6.0 did not have similar problems. A beefed up box running 6.1 had the problems as well. This problem is even documented on the RedHat bug list site without a fix. http://developer.redhat.com/bugzilla/show_bug.cgi?id=6075&BUGLIST=6075
"I downloaded the sysklogd-1.3-31.tar.gz source file and compiled it myself. At first this didn't fix the problem. So I started taking a look at the various options. One of the lines commented out in the Makefile was KLOGD_START_DELAY. Uncommented this line and it is working nicely now. Have been testing it for the past week, without any problems so far.
"I also had to change the BINDIR = /sbin since this is where redhat has installed syslogd and klogd.
"David C Prall, CCNA MCNE MCSE DCP Technologies dcp Alexandria, VA dcppage http://www.dcptech.com"
... but I just tried grabbing the sysklogd-1.4.tar.gz and compiling per Prall's suggestions (above) and it doesn't seem to do it. This is on a Red Hat 6.2 system with a fairly fast Pentium III. On a very similarly configured Red Hat 6.1 system on a slower AMD K-2 450 there's no such problem - so Prall's basic notion that it could have to do with timing might make some sense.
If you strace klogd, what is it doing?
Hi there,
I have a similar problem on RedHat 6.2; klogd is not restarted after log rotation. I noticed this after ipchains stopped logging unexpectedly.
sysklogd information
-----------------------
version: 1.3.31-17 (updates.redhat.com)
installed: 08 Oct 2000
Interesting snippet from /etc/logrotate.d/syslog:
-----------------------
/var/log/kernel {
    postrotate
        /usr/bin/killall -9 klogd
        /usr/sbin/klogd &
    endscript
}
-----------------------
Unfortunately, klogd does not live at /usr/sbin/klogd:
-----------------------
# which klogd
/sbin/klogd
-----------------------
My conclusion is, that klogd gets killed by logrotate (triggered from /etc/cron.daily). 'klogd' is not restarted due to a wrong path in /etc/logrotate.d/syslog.
Greetings, Ed.
You seem to have an odd /etc/logrotate.d/syslog file. The one shipped with the errata certainly isn't like that.
You may be right about having a strange /etc/logrotate.d/syslog file. I've checked my update log, and the file was OK after the sysklogd update. Meanwhile, I've traced the changes to the Bastille hardening script. Thanks for your help, I'll go bug the Bastille team now ;) Greetings, Ed.
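The failure traced in this thread (a postrotate script that kills klogd and then tries to restart it from a path where no binary exists) can be caught before the next rotation silently stops kernel logging. The following is an added example, not part of the original bug report or of sysklogd, logrotate or Bastille: it scans logrotate script blocks for absolute command paths that are not executable. The function names, the separator heuristic and the throwaway root directory are assumptions made for the illustration.

```python
import os
import re
import tempfile

SCRIPT_KEYWORDS = {"prerotate", "postrotate", "firstaction", "lastaction", "preremove"}
# Heuristic: a new simple command starts after these shell separators.
SEPARATORS = re.compile(r"&&|\|\||[;|&`]|\$\(")

# Constructed sample that mirrors the stanza quoted in the thread.
SAMPLE = """\
/var/log/kernel {
    postrotate
        /usr/bin/killall -9 klogd
        /usr/sbin/klogd &
    endscript
}
"""

def missing_commands(config_text, root="/"):
    """Return (line_number, path) for every absolute command path in a
    logrotate script block that is not an executable file under root."""
    findings, in_script = [], False
    for number, line in enumerate(config_text.splitlines(), 1):
        text = line.strip()
        if not in_script:
            in_script = text in SCRIPT_KEYWORDS
        elif text == "endscript":
            in_script = False
        elif not text.startswith("#"):
            for segment in SEPARATORS.split(text):
                words = segment.split()
                # Only the first word of each command is checked, not arguments.
                if words and words[0].startswith("/"):
                    target = os.path.join(root, words[0].lstrip("/"))
                    if not (os.path.isfile(target) and os.access(target, os.X_OK)):
                        findings.append((number, words[0]))
    return findings

def demo():
    """Build a throwaway root with klogd in /sbin, as on the reporter's system."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("usr/bin/killall", "sbin/klogd"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as handle:
                handle.write("#!/bin/sh\n")
            os.chmod(path, 0o755)
        return missing_commands(SAMPLE, root)

if __name__ == "__main__":
    print(demo())
```

On a live system, pass the contents of each file under /etc/logrotate.d with the default root; any finding means a rotation script will kill or skip a daemon it cannot start again.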
closing bug, no feedback from original reporter.