Red Hat Bugzilla – Bug 8003
kernel log entries lost after /etc/logrotate.d/syslog runs
Last modified: 2014-03-16 22:11:49 EDT
I added the following line to /etc/syslog.conf so that I could use ipchains to log network connection attempts: kern.info /var/log/messages However, the ipchains packet logging stops functioning every time logrotate rotates the syslog files. I have found that I can re-enable the packet logging by running /etc/rc.d/init.d/syslog restart which I notice restarts klogd as well as syslogd. I suspect that /etc/logrotate.d/syslog should be modified to restart klogd (maybe just send a TSTP and then CONT signal?) in every instance where it sends a HUP to syslogd; otherwise I suspect that all kernel messages sent via klogd (not just my ipchains entries) are lost. Thanks, -Peter
Oops. Updated to latest sysklogd package for RH 6.1. Seems OK now.
There appears to be a slight race problem here. If my analysis is right, then either syslogd or klogd blocks if the kernel generated an OOPS whilst the logs are being rotated, and about five minutes of logs vanish as a result. The problem, of course, is that the ONLY evidence of this happenning is a gap in the logs where entries relating to syslogd restarting should occur. As a result, it's virtually impossible to produce any examples.