Post by Sylvai » Wed, 06 Sep 2000 16:54:11


I'm running into a syslog problem for weeks now and can't see any issue. I
did not find any helpful hints on newsgroup I posted and wonder if someone
here could help with this :

The goal : setting up a bootable CD-ROM based on RedHat 6.2

The problem : syslog does not log !

When booting, syslog is launched by the init scripts and does not log
anything except "Syslog restarting ..."
If I just launch it manually after the boot, it will work.
I modified the init scripts to launch it without a special daemon calling
function, does not change anything.
The interesting part : I made system call traces with strace and found :
- syslog opens /dev/log as a SOCK_DGRAM socket,
- loggers ("logger" for example) can't open /dev/log socket : get a
EPROTOTYPE error when opening with SOCK_DGRAM. Works when opening with
SOCK_STREAM. But that does not log as syslog opened the socket in SOCK_DGRAM

I think this is most of the problem but can't find a solution.

Note : I boot the system with a read-only root fs and a ramdisk over /var.
Kernel is 2.2.16 patched with devfs. When rebooting with a read-write root
fs, I have no problem at all !! But strace did not show something about
"logger" or "syslog" having troubles to open a file on the read-only fs
(except for the socket : see previous EPROTOTYPE error).

I don't think there is a user right problem as /dev/log is created 666 by
syslog (also some more info that let me write this, but too long here).

I someone could help about this problem, I just have no more ideas ...

Thanks in advance.



1. Tuning syslog/Syslog reporting/Syslog enhancement/replacements


        I have been investigating using syslog's logging facilities. I have
currently set up our network to log to a central logging host. In my
preliminary attempts, I have set up syslog to dump everything to a single file,
which gets messy. I've sorted out the files now, and I have noticed that
certain applications such as telnetd and ftpd write to the LOG_MAIL facility.
Is there
a way to alter the logging facility that they report to, or will I have to have
modified binaries to handle this? I'm mostly concerned with our AIX machines
but we also have HPUX, Sunos/Solaris, and OSF. I could very well have it dump
information and sort out the data based on rules I develop using
sed/awk/perl/grep (whatever), But it would be nicer if it were done by
syslog/programs writing to syslog.

        Also, is anyone familiar with any other logging utilities? I would be grateful
for some help/advice or some pointers to where to find this information.

Thanks for your help.


2. proc_mknod() should check the mode parameter

3. creating different syslog file /var/log/syslog.0 /var/log/syslog.1...

4. quote: 'Linux, the PC program from hell' -- David Hewson

5. Syslog replay script for centralized syslog host

6. SB 16 VE PnP & Linux

7. Syslog parser wanted to replace Kiwi Syslog (win32)

8. Setting up Dialin> linux> internet

9. syslog.conf/syslog

10. Sending syslog messages to a remote syslog server

11. Syslog question - getting other hosts' syslog messages

12. SYSLOG and syslog.conf

13. Syslog.conf and remote syslog entries