Tuesday, February 12, 2013

FreeBSD Kernel Log Fix Syslog-ng

      One of the most important tasks in the world of servers is collecting, storing and analysing the logs (log files) of different services. The syslogd program, which accepts messages from various services and writes them to files, is traditionally used for this purpose. As a rule syslogd's functionality is quite enough, but it often happens that more flexibility is needed in how logs are stored. This is where syslog-ng comes to the rescue. Its main difference from the standard syslog is that it lets you manage logs in a very flexible way. Some examples of syslog-ng's advantages: message filtering by predefined patterns, and easy setup of log duplication to remote servers (I call it a central repository). Another feature of syslog-ng lets you collect and filter messages from services that can't send them to the standard syslog (for example, web servers such as apache/nginx, which have their own built-in logging).
     Syslog-ng is good at everything, but you can sometimes run into problems with it. For instance, the most recent issue I encountered was syslog-ng's inability to log FreeBSD kernel messages. The bug was related to peculiarities of how the messages are generated. The solution was quite simple :) In the default configuration the message source is described like this:
source src { unix-dgram("/var/run/log");
             unix-dgram("/var/run/logpriv" perm(0600));
             udp();
             file("/dev/klog"); };
The file("/dev/klog") directive tells syslog-ng to read kernel messages, but it doesn't work in this form.
To fix it, modify the directive as follows:
             file("/dev/klog" follow-freq(1));
and then restart syslog-ng. After this, kernel messages will be processed.
     One more thing: you can find these instructions in the file /usr/ports/UPDATING.
Always check it before upgrading software ;)
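
As an added example (not part of the original post), the shell function below audits a syslog-ng configuration file for a file("/dev/klog") source that lacks follow-freq, which is the condition under which kernel messages go missing. The names check_klog and write_sample and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a syslog-ng config for
# the /dev/klog fix described above.
# check_klog FILE returns 0 if every file("/dev/klog") source sets
# follow-freq, 1 if at least one does not, 2 if no such source exists.
check_klog() {
    # Strip comments and join lines so a directive split across lines is
    # seen whole. Simplification: '#' inside a quoted string counts as a comment.
    directives=$(sed 's/#.*//' "$1" | tr '\n' ' ' |
        grep -oE 'file\([[:space:]]*"/dev/klog"[^;]*;' || true)
    [ -n "$directives" ] || return 2
    # syslog-ng treats '-' and '_' in option names as equivalent.
    if printf '%s\n' "$directives" | grep -qvE 'follow[-_]freq[[:space:]]*\('; then
        return 1
    fi
    return 0
}

# Constructed sample input: the default source block quoted in the post,
# written with a caller-supplied /dev/klog directive.
write_sample() {   # $1 = output file, $2 = klog directive
    cat > "$1" <<EOF
source src { unix-dgram("/var/run/log");
             unix-dgram("/var/run/logpriv" perm(0600));
             udp();
             # kernel messages
             $2 };
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/default.conf" 'file("/dev/klog");'
write_sample "$tmp/fixed.conf"   'file("/dev/klog" follow-freq(1));'

for f in "$tmp/default.conf" "$tmp/fixed.conf"; do
    rc=0; check_klog "$f" || rc=$?
    case $rc in
        0) echo "$f: OK, follow-freq is set on /dev/klog" ;;
        1) echo "$f: file(\"/dev/klog\") has no follow-freq" ;;
        2) echo "$f: no /dev/klog source defined" ;;
    esac
done
rm -rf "$tmp"
```

Point it at the live configuration file after a port upgrade; a return status of 1 means the kernel source still needs the follow-freq option.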

Lina Vines,


