While poking around trying to get iptables to log to syslog I noticed that none of the logging messages from the kernel were showing up in any of the log files, odd they used too...
I moved our systems to using rsyslog a while ago in an effort to try and stay ahead of where things were going a bit, and because I wanted tcp transport to our central logging server. Redhat offers this as a technology preview which is as far as I can tell is long hand for no support. Anyway, everything worked well until recently when RHEL 5.5 was released, all of the sudden kernel logs stopped appearing, turns out rsyslog was re-based from 2.x to 3.x (http://rhn.redhat.com/errata/RHBA-2010-0213.html) which is really great because now I don't need stunnel for secure transport any more, but rklogd is gone. Well turns out the rklogd disappearance is intentional: Version 3.10.0 (rgerhards), 2008-01-07 - rklogd is no longer provided. Its functionality has now been taken over by imklog, a loadable input module. This offers a much better integration into rsyslogd and makes sure that the kernel logger process is brought up and down at the appropriate times That is great but the default install of rsyslog on RHEL 5.5 no longer has kernel logging functionality enabled by default, so no kernel messages for your logs. To fix this problem take a look at the imklog module here: http://www.rsyslog.com/doc-imklog.html, but in short dropping the following into your /etc/rsyslog.conf will fix the issue: #Load the Kernel logging module $ModLoad imklog Now I doubt this was intentional, or if it was it needed to be documented in the RHBA so I filed a bug here: https://bugzilla.redhat.com/show_bug.cgi?id=592039 -Erinn _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
