While poking around trying to get iptables to log to syslog I noticed that none of the logging messages from the kernel were showing up in any of the log files, odd they used too... I moved our systems to using rsyslog a while ago in an effort to try and stay ahead of where things were going a bit, and because I wanted tcp transport to our central logging server. Redhat offers this as a technology preview which is as far as I can tell long hand for no support. Anyway all worked well until recently when RHEL 5.5 was released, all of the sudden kernel logs stopped appearing, turns out rsyslog was re-based from 2.x to 3.x (http://rhn.redhat.com/errata/RHBA-2010-0213.html) which is really great because now I don't need stunnel for secure transport any more but rklogd is gone. Well turns out rklogd disappearance is intentional: Version 3.10.0 (rgerhards), 2008-01-07 - rklogd is no longer provided. Its functionality has now been taken over by imklog, a loadable input module. This offers a much better integration into rsyslogd and makes sure that the kernel logger process is brought up and down at the appropriate times That is great but the default install of rsyslog on RHEL 5.5 no longer has that functionality enabled by default, so no kernel messages for your logs, you can still get them via dmesg. To fix this problem take a look at the imklog module here: http://www.rsyslog.com/doc-imklog.html, but in short dropping the following into your /etc/rsyslog.conf will fix the issue: #Load the Kernel logging module $ModLoad imklog Now I doubt this was intentional, or if it was it needed to be documented in the RHBA so I filed a bug.
This change surprised me very much, too.
Grmml, this is a second major change (besides the timestamp format change https://bugzilla.redhat.com/show_bug.cgi?id=583621), which is incompatible to the old version. I had not expected that RH QA had not catched such major changes.
Filed SR#2029498 for speed up this issue
Created Service Request: 2039452
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Although the previous release of the rsyslog packages replaced rklogd, a daemon that provided kernel logging, with a loadable module, it did not enable this functionality in the configuration. Consequent to this, rsyslog did not log the kernel messages at all. With this update, the /etc/rsyslog.conf configuration file has been corrected to include the "$ModLoad imklog" directive, and the kernel messages are now logged as expected.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0228.html