First Last Prev Next    This bug is not in your last search results.
Bug 7884 - Kernel log messages are discarded after logs are rotated
Kernel log messages are discarded after logs are rotated
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: sysklogd (Show other bugs)
6.1
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Bill Nottingham
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-12-18 21:48 EST by DIanne Skoll
Modified: 2014-03-16 22:11 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-12-20 11:56:00 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description DIanne Skoll 1999-12-18 21:48:12 EST 
I have a Red Hat 6.1 system and after the logs are rotated, I stop
getting logs from the kernel.

I traced it down to this:  When "syslogd" is sent a HUP signal to
reinitialize itself, it seems to close /dev/log.  The "klogd" kernel
daemon is then unable to send messages to syslog.  Here's an example:

$ strace -p 22240   # I'm tracing the "klogd" process

# A kernel log message is generated
read(0, "<6>Packet log: forward DENY ppp0"..., 4095) = 118

# klogd gets a time stamp
time([945571294])        = 945571294

# klogd writes it to syslog
write(1, "<6>Dec 18 21:41:34 kernel: Packe"..., 143) = 143

# Now send syslogd a HUP signal

$ Kill -1 19141

# And continue with the strace

# A kernel log message is generated
read(0, "<6>Packet log: forward DENY ppp0"..., 4095) = 118

# klogd gets a time stamp
time([945571432])       = 945571432

# But the write fails and the log message is lost!
write(1, "<6>Dec 18 21:43:52 kernel: Packe"..., 143) = -1 ECONNRESET
(Connection reset by peer)

If you are running firewalls, CHECK THAT YOUR LOGS WORK!  You could be
missing something important.

As a workaround, in the last entry of /etc/logrotate.d/syslog, change
the postrotate script to:

	sh /etc/rc.d/init.d/syslog restart

--
David F. Skoll                 | Roaring Penguin Software Inc.
http://www.roaringpenguin.com  | Linux and UNIX Specialists
Comment 1 DIanne Skoll 1999-12-18 22:16:59 EST 
One more thing:  I tried it out on Caldera OpenLinux 2.3 and did NOT observe
this problem.  Both sysklogd packages claim to be version 1.3.31.  The
difference is that on Caldera OpenLinux, libc6.so is a link to libc-2.1.1.so,
and on Red Hat, it is libc-2.1.2.so.  So I think it might be a libc problem.
Comment 2 DIanne Skoll 1999-12-18 22:43:59 EST 
One more thing: COL 2.3 is kernel 2.2.10 and Red Hat 6.1 is 2.2.12.  It might be
a kernel thing.
Comment 3 DIanne Skoll 1999-12-19 11:45:59 EST 
The new sysklogd RPM from the Red Hat updates site fixes this bug.  However, I
think you should post an advisory.  The existing sysklogd security advisory
talks about a different problem with sysklogd; this problem is, in my opinion,
far more serious because it could result in lost logs.
Comment 4 Bill Nottingham 1999-12-20 11:56:59 EST 
This is fixed in the errata sysklogd release.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.