I have a Red Hat 6.1 system and after the logs are rotated, I stop getting logs from the kernel. I traced it down to this: When "syslogd" is sent a HUP signal to reinitialize itself, it seems to close /dev/log. The "klogd" kernel daemon is then unable to send messages to syslog. Here's an example:

$ strace -p 22240
# I'm tracing the "klogd" process
# A kernel log message is generated
read(0, "<6>Packet log: forward DENY ppp0"..., 4095) = 118
# klogd gets a time stamp
time([945571294]) = 945571294
# klogd writes it to syslog
write(1, "<6>Dec 18 21:41:34 kernel: Packe"..., 143) = 143

# Now send syslogd a HUP signal
$ kill -1 19141

# And continue with the strace
# A kernel log message is generated
read(0, "<6>Packet log: forward DENY ppp0"..., 4095) = 118
# klogd gets a time stamp
time([945571432]) = 945571432
# But the write fails and the log message is lost!
write(1, "<6>Dec 18 21:43:52 kernel: Packe"..., 143) = -1 ECONNRESET (Connection reset by peer)

If you are running firewalls, CHECK THAT YOUR LOGS WORK! You could be missing something important.

As a workaround, in the last entry of /etc/logrotate.d/syslog, change the postrotate script to:

sh /etc/rc.d/init.d/syslog restart

--
David F. Skoll | Roaring Penguin Software Inc.
http://www.roaringpenguin.com | Linux and UNIX Specialists
One more thing: I tried it out on Caldera OpenLinux 2.3 and did NOT observe this problem. Both sysklogd packages claim to be version 1.3.31. The difference is that on Caldera OpenLinux, libc6.so is a link to libc-2.1.1.so, and on Red Hat, it is libc-2.1.2.so. So I think it might be a libc problem.
One more thing: COL 2.3 is kernel 2.2.10 and Red Hat 6.1 is 2.2.12. It might be a kernel thing.
The new sysklogd RPM from the Red Hat updates site fixes this bug. However, I think you should post an advisory. The existing sysklogd security advisory talks about a different problem with sysklogd; this problem is, in my opinion, far more serious because it could result in lost logs.
This is fixed in the errata sysklogd release.
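The failure in the first report can be reproduced in miniature. This is an added example, not code from the report or from sysklogd. `ToySyslogd`, `send` and `demo` are hypothetical names, the socket lives at a temporary path rather than /dev/log, and the reinit behaviour (closing every connection on HUP) is assumed from the report's description. It compares a writer that keeps one connection open with one that reconnects after a failed write.

```python
import os
import socket
import tempfile
from contextlib import suppress

class ToySyslogd:  # constructed stand-in: a Unix stream listener like /dev/log
    def __init__(self, path):
        self.path, self.conns, self.received = path, [], []
        self._listen()
    def _listen(self):
        self.listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.listener.bind(self.path)
        self.listener.listen(5)
        self.listener.setblocking(False)
    def pump(self):  # accept pending writers, then collect what they sent
        with suppress(BlockingIOError):
            while True:
                self.conns.append(self.listener.accept()[0])
        for conn in self.conns:
            with suppress(BlockingIOError):
                self.received.append(conn.recv(4096, socket.MSG_DONTWAIT).decode())
    def hup(self):  # assumed reinit: close every socket, reopen the path
        for sock in self.conns + [self.listener]:
            sock.close()
        self.conns = []
        os.unlink(self.path)
        self._listen()

def send(state, path, msg, reconnect):  # True if msg was handed to the daemon
    for _ in range(2):
        try:
            if "sock" not in state:
                state["sock"] = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
                state["sock"].connect(path)
            state["sock"].sendall(msg.encode())
            return True
        except OSError:  # EPIPE or ECONNRESET: the daemon's end is gone
            if reconnect:  # without this the dead socket is reused and fails again
                state.pop("sock").close()
    return False  # message lost

def demo():
    path = os.path.join(tempfile.mkdtemp(), "log")
    daemon, writers, ok = ToySyslogd(path), {"naive": {}, "robust": {}}, []
    for phase in ("before HUP", "after HUP"):
        ok.append([send(st, path, f"{name} {phase}", name == "robust")
                   for name, st in writers.items()])
        daemon.pump()
        daemon.hup()
    return ok, daemon.received
```

`demo()` returns the per-phase delivery results and the messages the toy daemon actually received; the writer without reconnect loses its message after the reinit while the reconnecting one does not.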