good old syslog-ng issue [Archive]

View Full Version : good old syslog-ng issue

amiga505

06-16-2008, 12:00 PM

hi folks!

my /etc/syslog-ng/syslog-ng.conf has the folowing directive under the source section:

file("/dev/klog")

after making syslog-ng start

i get the following:

# syslog-ng start
Changing permissions on special file /dev/klog
Error opening file /dev/klog for reading (Device busy)
Error initializing configuration, exiting.
#

but with this directive commented it starts ok.

i googled just to find out that this is the common issue, but have found no sollution so far.

any ideas?

ai-danno

06-17-2008, 05:18 AM

Have you checked out this quick article (http://www.packetwatch.net/documents/guides/2007101602.php)? It mentions doing-

source local { internal(); pipe("/dev/klog" log_prefix("kernel: ")); unix-dgram("/dev/log"); };

ai-danno

06-22-2008, 08:07 PM

Nice to see the OP has no response ... :( ... guess that's the way it goes sometimes.

Carpetsmoker

06-22-2008, 08:13 PM

According to his profile:
Last Activity: 06-16-2008 12:05 PM

So he didn't even see your response ... Maybe he got the answer at another forum or something ... I often see people post the same question at several different places.

ai-danno

06-23-2008, 12:37 AM

Point well taken.

amiga505

07-04-2008, 06:27 PM

easy now, guys.

i was quite bussy with my work and had no time to check my home OpenBSD box. i really appreciate your help, ai-danno!

now to the issue. i edited my syslog-ng config and now it includes the following:

source log_everything {

internal();
pipe("/dev/klog" log_prefix("kernel: "));
unix-dgram("/dev/log");
tcp(
port(1468)
max-connections(2)
);

};

still, the error is in place...

amiga505

07-04-2008, 06:35 PM

issue resolved. it was native syslogd process that was "holding" /dev/klog. now when i killed native syslogd - syslog-ng starts OK. i will now edit /etc/rc and /etc/rc.conf to prevent the native syslogd daemon from starting.

amiga505

07-04-2008, 07:01 PM

well... that's what we got after reboot:

#
# ps -ax | grep syslog
30793 ?? Is 0:00.03 /usr/local/sbin/syslog-ng -p /var/run/syslog-ng.pid
#
# netstat -anp tcp
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
..
skip
..
tcp 0 0 *.1468 *.* LISTEN
#

that to indicate that no syslogd instances are running, syslog-ng is running and listening on port 1468 (as stated in configuration file). that seems pretty cool, but the thing is when i try to restart syslog-ng (due to configuration file changes, for example), i get the following:

#
# syslog-ng restart
Changing permissions on special file /dev/klog
Error opening file /dev/klog for reading (Device busy)
Error initializing configuration, exiting.
#

...