Bug 8003 - kernel log entries lost after /etc/logrotate.d/syslog runs
Product: Red Hat Linux
Classification: Retired
Component: sysklogd
Version: 6.1
Hardware: i386
OS: Linux
Assignee: Bill Nottingham
Reported: 1999-12-27 00:34 UTC by peterw
Modified: 2014-03-17 02:11 UTC

Doc Type: Bug Fix
Last Closed: 1999-12-27 05:28:25 UTC

Description peterw 1999-12-27 00:34:57 UTC
I added the following line to /etc/syslog.conf so that I could use ipchains to log network connection attempts:

kern.info                    /var/log/messages

However, the ipchains packet logging stops functioning every time logrotate rotates the syslog files. I have found that I can re-enable the packet logging by running
/etc/rc.d/init.d/syslog restart
which I notice restarts klogd as well as syslogd. I suspect that /etc/logrotate.d/syslog should be modified to restart klogd (maybe just send a TSTP and then CONT signal?) in every instance where it sends a HUP to syslogd; otherwise I suspect that all kernel messages sent via klogd (not just my ipchains entries) are lost.



Comment 1 peterw 1999-12-27 05:28:59 UTC
Oops. Updated to latest sysklogd package for RH 6.1. Seems OK now.

Comment 2 Riley H Williams 1999-12-28 14:12:59 UTC
There appears to be a slight race problem here. If my analysis is right, then
either syslogd or klogd blocks if the kernel generated an OOPS whilst the logs
are being rotated, and about five minutes of logs vanish as a result.

The problem, of course, is that the ONLY evidence of this happening is a gap in
the logs where entries relating to syslogd restarting should occur. As a result,
it's virtually impossible to produce any examples.
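
Added example (not part of the bug report and not sysklogd code): since both reports above describe log loss that shows up only as missing entries, this Python sketch scans traditional syslog lines for silent periods, either across all entries or for a single source such as the kernel. The sample lines, the host name `gw`, the five-minute threshold and the year are constructed assumptions; classic syslog timestamps carry no year, so the caller supplies one and a file spanning New Year is not handled.

```python
import re
from datetime import datetime, timedelta

# Traditional syslog line: "Dec 27 04:02:01 host tag: message" (no year field).
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) ([^:]+): (.*)$")

def parse(line, year):
    """Return (timestamp, tag, message), or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m.group(1).split())  # collapse the padding in "Dec  7"
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return ts, m.group(3), m.group(4)

def find_gaps(lines, threshold, year, tag=None):
    """List (last_seen, next_seen) pairs separated by more than threshold.

    With tag set (e.g. "kernel"), only entries from that source are compared,
    which exposes a kernel feed that went quiet while syslogd kept writing.
    """
    gaps, prev = [], None
    for line in lines:
        rec = parse(line, year)
        if rec is None or (tag and rec[1] != tag):
            continue
        if prev is not None and rec[0] - prev > threshold:
            gaps.append((prev, rec[0]))
        prev = rec[0]
    return gaps

# Constructed sample: kernel entries stop at the rotation and resume hours later.
SAMPLE = [
    "Dec 27 04:01:10 gw kernel: constructed packet log entry 1",
    "Dec 27 04:01:50 gw kernel: constructed packet log entry 2",
    "Dec 27 04:02:01 gw syslogd 1.3-3: restart.",
    "Dec 27 04:10:00 gw crond[412]: constructed cron entry",
    "Dec 27 09:15:30 gw kernel: constructed packet log entry 3",
]

if __name__ == "__main__":
    limit = timedelta(minutes=5)  # assumed threshold; tune to the host's normal rate
    for start, end in find_gaps(SAMPLE, limit, 1999, tag="kernel"):
        print(f"no kernel entries from {start} to {end} ({end - start})")
```

On a quiet host a long silence can be legitimate, so a reported gap is a lead to compare against the logrotate schedule rather than proof of loss.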