No kernel messages are logged to kern.log
Your rsyslog.conf doesn't load the input module for reading kernel logs. The relevant line is there, but it is commented out, so rsyslog ignores it:
$ModLoad imuxsock # provides support for local system logging
#$ModLoad imklog # provides kernel logging support
Remove the #
from the beginning of the imklog line, and restart rsyslogd.
Related videos on Youtube
![LangeHaare](https://i.stack.imgur.com/cUmGI.jpg?s=256&g=1)
Comments
-
LangeHaare almost 2 years
I am trying to configure rsyslog. Ultimately, I want to have a log file of dropped packets but I can't get rsyslog to log properly.
/etc/rsyslog.conf
looks like this:# /etc/rsyslog.conf Configuration file for rsyslog. # # For more information see # /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html # # Default logging rules can be found in /etc/rsyslog.d/50-default.conf ################# #### MODULES #### ################# $ModLoad imuxsock # provides support for local system logging #$ModLoad imklog # provides kernel logging support #$ModLoad immark # provides --MARK-- message capability # provides UDP syslog reception #$ModLoad imudp #$UDPServerRun 514 # provides TCP syslog reception #$ModLoad imtcp #$InputTCPServerRun 514 ########################### #### GLOBAL DIRECTIVES #### ########################### # # Use traditional timestamp format. # To enable high precision timestamps, comment out the following line. # $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # Filter duplicated messages $RepeatedMsgReduction on # # Set the default permissions for all log files. # $FileOwner syslog $FileGroup adm $FileCreateMode 0640 $DirCreateMode 0755 $Umask 0022 $PrivDropToUser syslog $PrivDropToGroup syslog # # Where to place spool and state files # $WorkDirectory /var/spool/rsyslog # # Include all config files in /etc/rsyslog.d/ # $IncludeConfig /etc/rsyslog.d/*.conf
/etc/rsyslog.d/50-default.conf
looks like this:# Default rules for rsyslog. # # For more information see rsyslog.conf(5) and /etc/rsyslog.conf # # First some standard log files. Log by facility. # auth,authpriv.* -/var/log/auth.log *.*;auth,authpriv.none -/var/log/syslog #cron.* -/var/log/cron.log #daemon.* -/var/log/daemon.log kern.* -/var/log/kern.log #lpr.* -/var/log/lpr.log mail.* -/var/log/mail.log #user.* -/var/log/user.log # # Logging for the mail system. Split it up so that # it is easy to write scripts to parse these files. # #mail.info -/var/log/mail.info #mail.warn -/var/log/mail.warn mail.err -/var/log/mail.err # # Logging for INN news system. # news.crit -/var/log/news/news.crit news.err -/var/log/news/news.err news.notice -/var/log/news/news.notice # # Some "catch-all" log files. # #*.=debug;\ # auth,authpriv.none;\ # news.none;mail.none -/var/log/debug #*.=info;*.=notice;*.=warn;\ # auth,authpriv.none;\ # cron,daemon.none;\ # mail,news.none -/var/log/messages # # Emergencies are sent to everybody logged in. # *.emerg :omusrmsg:* # # I like to have messages displayed on the console, but only on a virtual # console I usually leave idle. # #daemon,mail.*;\ # news.=crit;news.=err;news.=notice;\ # *.=debug;*.=info;\ # *.=notice;*.=warn /dev/tty8 # The named pipe /dev/xconsole is for the `xconsole' utility. To use it, # you must invoke `xconsole' with the `-file' option: # # $ xconsole -file /dev/xconsole [...] # # NOTE: adjust the list below, or you'll go crazy if you have a reasonably # busy site.. # daemon.*;mail.*;\ news.err;\ *.=debug;*.=info;\ *.=notice;*.=warn |/dev/xconsole
It's my understanding that
kern.* -/var/log/kern.log
directs all types of kernel messages to the file/var/log/kern.log
. However, when issuing the commandlogger -p kern.info "kern.info: test"
/var/log/kern.log
remains empty. I am not sure how to proceed as the test message does appear in/var/log/syslog
-
LangeHaare almost 10 yearsYou wouldn't happen to have a guess as to why kernel logging is disabled by default? Is it unusual to log kernel messages?