Arch Linux

I don't understand why it doesn't work. If I understood the docs correctly, system() is supposed to use the appropriate method.

I'll probably leave it as is because I can confirm that it works with systemd which is the default on Arch. It's a configuration file so the user can change it if needed (the old config was set for a sytemd setup).

Sorry, I mentioned /dev/kmsg in the original report, when it should have been /proc/kmsg.

So, just to clarify. When I use:

------------------
file("/proc/kmsg")
------------------

in the conf file, the kernel messages are logged.

If I remove this line, then system() uses /dev/kmsg. Even if I explicitly specify:

-----------------
file("/dev/kmsg")
-----------------

the kernel messages are not logged.

If this works fine with systemd, I guess you should leave it as it is.

/dev/kmsg and /proc/kmsg are not the same file, and produce different formats when read. syslog-ng's system() source appears to always read from /proc/kmsg, and then varies between /dev/log (for non-systemd systems) and /run/systemd/journal/syslog (for systemd systems). Can you confirm what files syslog-ng has open when it's running with the system() source? It should be sufficient to give the output of: ls -l /proc/$(pidof syslog-ng)/fd/

It might also be interesting to see what it *attempts* to open during startup (via strace).

So after using /dev/kmsg for a while, I noticed that only the kernel messages generated at boot are not logged in everything.log, the later messages *are* logged. I wonder if it is a race condition.

@ Dave,

here are the file descriptors using system():

/proc/1024/fd/:
total 0
lr-x------ 1 root root 64 Jan 23 19:59 0 -> /dev/null
l-wx------ 1 root root 64 Jan 23 19:59 1 -> /dev/null
lrwx------ 1 root root 64 Jan 23 19:59 10 -> anon_inode:[eventfd]
lrwx------ 1 root root 64 Jan 23 19:59 11 -> anon_inode:[eventfd]
lrwx------ 1 root root 64 Jan 23 19:59 12 -> anon_inode:[eventfd]
lrwx------ 1 root root 64 Jan 23 19:59 13 -> anon_inode:[eventfd]
l-wx------ 1 root root 64 Jan 23 19:59 2 -> /dev/null
lrwx------ 1 root root 64 Jan 23 19:59 3 -> anon_inode:[eventpoll]
l-wx------ 1 root root 64 Jan 23 19:59 4 -> pipe:[8084]
lrwx------ 1 root root 64 Jan 23 19:59 5 -> socket:[7151]
lrwx------ 1 root root 64 Jan 23 19:59 6 -> anon_inode:[eventfd]
lrwx------ 1 root root 64 Jan 23 19:59 7 -> /var/lib/syslog-ng/syslog-ng.persist
lrwx------ 1 root root 64 Jan 23 19:59 8 -> socket:[7148]
lr-x------ 1 root root 64 Jan 23 19:59 9 -> /dev/kmsg

Also, you can find the strace in the attachment.

Iirc syslog-ng seeks to the end when /Dev/kmsf is used. Or else we'd get the whole dmesg at every restart.

Dmesg semantics are pretty flawed, couldn't come up with the ultimate solution.

@algernon was working in this area.

@ Balázs Scheidler (bazsi),

Yeah, I can confirm that with /proc/kmsg, dmesg is sourced on every restart of syslog-ng.

Great to know that work is being done in this direction.

@ Eric Belanger,

I think it is okay to close this bug now. I'll keep using /proc/kmsg until a fix emerges upstream.