Bug 592039 - Rklogd is gone and kernel log messages are not being logged by rsyslog
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: rsyslog
Version: 5.5
Hardware: All
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: rc
Assigned To: Tomas Heinrich
QA Contact: BaseOS QE Security Team
Keywords: Regression, ZStream
Depends On: 582288
Blocks: 661149
Reported: 2010-05-13 14:08 EDT by Erinn Looney-Triggs
Modified: 2016-09-20 00:49 EDT
Doc Type: Bug Fix
Doc Text:
Although the previous release of the rsyslog packages replaced rklogd, a daemon that provided kernel logging, with a loadable module, it did not enable this functionality in the configuration. Consequent to this, rsyslog did not log the kernel messages at all. With this update, the /etc/rsyslog.conf configuration file has been corrected to include the "$ModLoad imklog" directive, and the kernel messages are now logged as expected.
Last Closed: 2012-02-21 01:08:09 EST
Description Erinn Looney-Triggs 2010-05-13 14:08:25 EDT
While poking around trying to get iptables to log to syslog, I noticed that none of the logging messages from the kernel were showing up in any of the log files. Odd, they used to...

I moved our systems to using rsyslog a while ago in an effort to try and stay ahead of where things were going a bit, and because I wanted TCP transport to our central logging server. Red Hat offers this as a technology preview, which is, as far as I can tell, longhand for no support. Anyway, all worked well until recently, when RHEL 5.5 was released. All of a sudden kernel logs stopped appearing. It turns out rsyslog was rebased from 2.x to 3.x (http://rhn.redhat.com/errata/RHBA-2010-0213.html), which is really great because now I don't need stunnel for secure transport any more, but rklogd is gone.

Well, it turns out rklogd's disappearance is intentional:

Version 3.10.0 (rgerhards), 2008-01-07
- rklogd is no longer provided. Its functionality has now been taken over by imklog, a loadable input module. This offers a much better integration into rsyslogd and makes sure that the kernel logger process is brought up and down at the appropriate times


That is great, but the default install of rsyslog on RHEL 5.5 no longer has that functionality enabled by default, so there are no kernel messages in your logs; you can still get them via dmesg. To fix this problem, take a look at the imklog module here: http://www.rsyslog.com/doc-imklog.html. In short, dropping the following into your /etc/rsyslog.conf will fix the issue:

#Load the Kernel logging module
$ModLoad imklog

Now, I doubt this was intentional, or if it was, it needed to be documented in the RHBA, so I filed a bug.
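
Added example, not part of the original report or of rsyslog itself: a shell check for the regression described above, reporting whether an rsyslog configuration file actively loads imklog, has the directive commented out, or lacks it entirely. The function name check_imklog and its status words are assumptions of this example.

```shell
#!/bin/sh
# check_imklog FILE
#   Prints one word describing how FILE handles the kernel log input module:
#     loaded         an active "$ModLoad imklog" (or imklog.so) line exists
#     commented-out  the directive is present only behind a '#'
#     missing        the directive does not appear at all
#     unreadable     FILE cannot be read
#   Returns 0 only for "loaded", so it can gate a compliance or monitoring job.
check_imklog() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "unreadable"
        return 2
    fi
    # Active directive: optional leading whitespace, then $ModLoad imklog.
    if grep -Eq '^[[:space:]]*\$ModLoad[[:space:]]+imklog(\.so)?([[:space:]]|$)' "$conf"; then
        echo "loaded"
        return 0
    fi
    # Directive exists but is disabled by a comment marker.
    if grep -Eq '^[[:space:]]*#.*\$ModLoad[[:space:]]+imklog' "$conf"; then
        echo "commented-out"
        return 1
    fi
    echo "missing"
    return 1
}

# When file names are given on the command line, report on each of them,
# e.g.:  sh check_imklog.sh /etc/rsyslog.conf
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(check_imklog "$f")"
    done
fi
```

The check reads only the file it is given and does not follow `$IncludeConfig` directives, so included files need to be passed explicitly.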
Comment 1 Till Maas 2010-05-25 09:27:33 EDT
This change surprised me very much, too.
Comment 2 Peter Bieringer 2010-06-09 05:01:13 EDT
Grmml, this is a second major change (besides the timestamp format change https://bugzilla.redhat.com/show_bug.cgi?id=583621), which is incompatible with the old version.

I had not expected that RH QA had not caught such major changes.
Comment 3 Peter Bieringer 2010-06-09 05:40:09 EDT
Filed SR#2029498 to speed up this issue
Comment 5 Erinn Looney-Triggs 2010-07-12 13:58:20 EDT
Created Service Request: 2039452
Comment 7 RHEL Product and Program Management 2010-08-09 15:47:44 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 12 Jaromir Hradilek 2010-12-13 04:53:38 EST
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Although the previous release of the rsyslog packages replaced rklogd, a daemon that provided kernel logging, with a loadable module, it did not enable this functionality in the configuration. Consequent to this, rsyslog did not log the kernel messages at all. With this update, the /etc/rsyslog.conf configuration file has been corrected to include the "$ModLoad imklog" directive, and the kernel messages are now logged as expected.
Comment 19 errata-xmlrpc 2012-02-21 01:08:09 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0228.html
