One of the most important tasks in the world of servers is the collection,
storage and analysis of the logs (log files) of different services. The syslogd
program, which accepts messages from various services and writes them to files,
is traditionally used for this purpose. As a rule syslogd's functionality is
quite enough, but it often happens that more flexibility is needed in how log
storage is organized. This is where syslog-ng comes to the rescue. Its main
difference from the standard syslog is the ability to manage logs in a very
flexible way. Here are some examples of syslog-ng's advantages: message
filtering by predefined patterns, and easy setup of log duplication to remote
servers (I call it a central repository). Another feature of syslog-ng lets you
collect and filter messages from services that can't send them to the standard
syslog (for example, a web server such as apache/nginx, which has its own
built-in log system).
Syslog-ng is good in everything, but sometimes you can face some problems
using it. For instance, the most recent issue I encountered was syslog-ng's
inability to log FreeBSD kernel messages. The bug was associated with
peculiarities of message generation. The solution was quite simple :) In the
default configuration the source of the messages is described like this:
source src {
unix-dgram("/var/run/log");
unix-dgram("/var/run/logpriv" perm(0600));
udp();
file("/dev/klog"); };
The file("/dev/klog") directive tells syslog-ng to read kernel messages, but
it doesn't work in this form.
To fix it, you need to modify the directive like this:
file("/dev/klog" follow-freq(1));
and then restart syslog-ng. After this, kernel messages will be processed.
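A way to check a configuration for this problem, as an added example that is not from the original post: the shell function below (check_klog_source is a hypothetical name) reports whether every file("/dev/klog") source sets follow-freq. The sample config is constructed from the default source block quoted above.

```shell
#!/bin/sh
# Added example: audit a syslog-ng.conf for the /dev/klog problem described above.
# check_klog_source is a hypothetical helper name, not part of syslog-ng.
# Exit status: 0 = every file("/dev/klog") source sets follow-freq
#              1 = a /dev/klog source lacks follow-freq (kernel messages not read)
#              2 = no /dev/klog source configured
#              3 = config file not readable
check_klog_source() {
    conf=$1
    [ -r "$conf" ] || return 3
    # Drop comments, join physical lines so an option on the next line still
    # counts, then split on ';' to get one statement per line.
    # Simplification: a '#' inside a quoted string is treated as a comment.
    stmts=$(sed 's/#.*$//' "$conf" | tr '\n' ' ' | tr ';' '\n' |
            grep -E 'file[[:space:]]*\([[:space:]]*"/dev/klog"' || true)
    [ -n "$stmts" ] || return 2
    # syslog-ng treats '-' and '_' in option names alike.
    if printf '%s\n' "$stmts" |
       grep -Ev 'follow[-_]freq[[:space:]]*\(' >/dev/null; then
        return 1
    fi
    return 0
}

# Constructed sample: the default source block quoted in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
source src {
    unix-dgram("/var/run/log");
    unix-dgram("/var/run/logpriv" perm(0600));
    udp();
    file("/dev/klog"); };
EOF
rc=0
check_klog_source "$sample" || rc=$?
case $rc in
    0) echo "OK: /dev/klog source sets follow-freq" ;;
    1) echo "WARN: /dev/klog source without follow-freq, kernel messages will be missed" ;;
    2) echo "WARN: no /dev/klog source configured" ;;
    *) echo "ERROR: cannot read config" ;;
esac
rm -f "$sample"
```

Running it against the real configuration file after an upgrade shows whether kernel messages have silently dropped out of the logs that get forwarded to the central repository.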
One more thing: you can find these instructions in the file
/usr/ports/UPDATING. Always check it before upgrading software ;)
Lina Vines,