|Summary:||Kernel log messages are discarded after logs are rotated|
|Product:||[Retired] Red Hat Linux||Reporter:||DIanne Skoll <dfs>|
|Component:||sysklogd||Assignee:||Bill Nottingham <notting>|
|Status:||CLOSED ERRATA||QA Contact:|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||1999-12-20 16:56:00 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description DIanne Skoll 1999-12-19 02:48:12 UTC
I have a Red Hat 6.1 system and after the logs are rotated, I stop getting logs from the kernel. I traced it down to this: When "syslogd" is sent a HUP signal to reinitialize itself, it seems to close /dev/log. The "klogd" kernel daemon is then unable to send messages to syslog. Here's an example: $ strace -p 22240 # I'm tracing the "klogd" process # A kernel log message is generated read(0, "<6>Packet log: forward DENY ppp0"..., 4095) = 118 # klogd gets a time stamp time() = 945571294 # klogd writes it to syslog write(1, "<6>Dec 18 21:41:34 kernel: Packe"..., 143) = 143 # Now send syslogd a HUP signal $ Kill -1 19141 # And continue with the strace # A kernel log message is generated read(0, "<6>Packet log: forward DENY ppp0"..., 4095) = 118 # klogd gets a time stamp time() = 945571432 # But the write fails and the log message is lost! write(1, "<6>Dec 18 21:43:52 kernel: Packe"..., 143) = -1 ECONNRESET (Connection reset by peer) If you are running firewalls, CHECK THAT YOUR LOGS WORK! You could be missing something important. As a workaround, in the last entry of /etc/logrotate.d/syslog, change the postrotate script to: sh /etc/rc.d/init.d/syslog restart -- David F. Skoll | Roaring Penguin Software Inc. http://www.roaringpenguin.com | Linux and UNIX Specialists
Comment 1 DIanne Skoll 1999-12-19 03:16:59 UTC
One more thing: I tried it out on Caldera OpenLinux 2.3 and did NOT observe this problem. Both sysklogd packages claim to be version 1.3.31. The difference is that on Caldera OpenLinux, libc6.so is a link to libc-2.1.1.so, and on Red Hat, it is libc-2.1.2.so. So I think it might be a libc problem.
Comment 2 DIanne Skoll 1999-12-19 03:43:59 UTC
One more thing: COL 2.3 is kernel 2.2.10 and Red Hat 6.1 is 2.2.12. It might be a kernel thing.
Comment 3 DIanne Skoll 1999-12-19 16:45:59 UTC
The new sysklogd RPM from the Red Hat updates site fixes this bug. However, I think you should post an advisory. The existing sysklogd security advisory talks about a different problem with sysklogd; this problem is, in my opinion, far more serious because it could result in lost logs.
Comment 4 Bill Nottingham 1999-12-20 16:56:59 UTC
This is fixed in the errata sysklogd release.