The recently posted security update of sysklogd (sysklogd-1.3.31-17) fails
to log kernel messages: notably ipchains kernel packet logging.
kill -SIGHUP [pidof syslogd] does not help the problem, restart message
appears, but no packet logging.
I'm seeing the same thing. Getting the latest sysklogd RPMs from Red Hat doesn't
fix it. Nor does updating ipchains to 1.3.10 (this is on a system with Kernel
2.2.17 from tar). I do find a pertinent message from last 8 Dec 1999 on the
"Well I finally got around to figuring out this problem.
"This problem has to do with RedHat 6.1, a similar box running 6.0 did
not have similar problems. A beefed up box running 6.1 had the problems
as well. This problem is even documented on the RedHat bug list site
without a fix.
"I downloaded the sysklogd-1.3-31.tar.gz source file and compiled it
myself. At first this didn't fix the problem. So I started taking a look
at the various options. One of the lines commented out in the Makefile
was KLOGD_START_DELAY. Uncommented this line and it is working nicely
now. Have been testing it for the past week, without any problems so
"I also had to change the BINDIR = /sbin since this is where redhat has
installed syslogd and klogd.
"David C Prall, CCNA MCNE MCSE DCP Technologies
firstname.lastname@example.org Alexandria, VA
... but I just tried grabbing the sysklogd-1.4.tar.gz and compiling per Prall's
suggestions (above) and it doesn't seem to do it. This is on a Red Hat 6.2
system with a fairly fast Pentium III. On a very similarly configured Red Hat
6.1 system on a slower AMD K-2 450 there's no such problem - so Prall's basic
notion that it could have to do with timing might make some sense.
If you strace klogd, what is it doing?
I have a similar problem on RedHat 6.2; klogd is not restarted after log rotation.
I noticed this after ipchains stopped logging unexpectedly.
version: 1.3.31-17 (updates.redhat.com)
installed: 08 Oct 2000
Interesting snippet from /etc/logrotate.d/syslog:
/usr/bin/killall -9 klogd
Unfortunately, klogd does not live at /usr/sbin/klogd:
# which klogd
My conclusion is that klogd gets killed by logrotate (triggered from /etc/cron.daily).
'klogd' is not restarted due to a wrong path in /etc/logrotate.d/syslog.
You seem to have an odd /etc/logrotate.d/syslog file. The one shipped
with the errata certainly isn't like that.
You may be right about having a strange /etc/logrotate.d/syslog file. I've checked my update log, and
the file was OK after the sysklogd update.
Meanwhile, I've traced the changes to the Bastille hardening script.
Thanks for your help, I'll go bug the Bastille team now ;)
closing bug, no feedback from original reporter.
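
Added example, not part of the original thread or of any Red Hat or Bastille script: a shell check for the failure described above, where a logrotate script block kills klogd and then tries to restart it from a path that does not exist. It only inspects commands written with an absolute path; the function names and the demo config are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag commands in logrotate script blocks whose absolute
# path is missing or not executable (the silent "klogd never restarts" case).

# list_script_cmds FILE: print each absolute path used as a command word
# inside prerotate/postrotate/firstaction/lastaction ... endscript blocks.
list_script_cmds() {
    awk '
        /^[ \t]*(prerotate|postrotate|firstaction|lastaction)[ \t]*$/ { in_script = 1; next }
        /^[ \t]*endscript[ \t]*$/ { in_script = 0; next }
        in_script {
            # split on shell separators so "a; b" and "a && b" yield both commands
            n = split($0, parts, /[;&|]+/)
            for (i = 1; i <= n; i++) {
                sub(/^[ \t]+/, "", parts[i])
                split(parts[i], w, /[ \t]+/)
                if (w[1] ~ /^\//) print w[1]
            }
        }
    ' "$1"
}

# missing_cmds DIR: print "FILE: PATH" for every such command that is not an
# executable file on this system. Prints nothing when all paths resolve.
missing_cmds() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        list_script_cmds "$f" | sort -u | while read -r cmd; do
            [ -x "$cmd" ] || printf '%s: %s\n' "$f" "$cmd"
        done
    done
}

# With an argument (e.g. /etc/logrotate.d) scan that directory; without one,
# run against a constructed sample config so the check can be seen working.
if [ $# -gt 0 ]; then
    missing_cmds "$1"
else
    demo=$(mktemp -d)
    printf '%s\n' '/var/log/messages {' '    postrotate' \
        '        /bin/sh -c true; /nonexistent-example/sbin/klogd' \
        '    endscript' '}' > "$demo/syslog"
    missing_cmds "$demo"
    rm -rf "$demo"
fi
```

Running it from cron after package updates or hardening scripts have touched /etc/logrotate.d catches a broken restart line before the next rotation stops kernel packet logging.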