Kernel Log Input Module
Module Name: imklog
Author: Rainer Gerhards <rgerhards@adiscon.com>
Description:
Reads messages from the kernel log and submits them to the
syslog engine.
Configuration Directives:
- $KLogInternalMsgFacility <facility>
The facility that messages internally generated by imklog will have.
imklog generates some messages by itself (e.g. on problems, startup and
shutdown) and these do not stem from the kernel. Historically, under
Linux, these too have "kern" facility. Thus, on Linux platforms the
default is "kern" while on others it is "syslogd". You usually do not
need to specify this configuration directive - it is included primarily
for the few limited cases where it is needed for good reason. Bottom line:
if you don't have a good idea why you should use this setting, do not
touch it.
- $KLogPermitNonKernelFacility [on/off]
At least under BSD, the kernel log may contain entries
with non-kernel facilities. This setting controls how those are
handled. The default is "off", in which case these messages are
ignored. Switch it to "on" to submit non-kernel messages to rsyslog
processing.
- $DebugPrintKernelSymbols [on/off]
Linux only, ignored on other platforms (but may be specified)
- $klogLocalIPIF [interface name] - (available since 5.9.6) - if provided, the IP of the specified
interface (e.g. "eth0") shall be used as fromhost-ip for imklog-originating messages.
If this directive is not given OR the interface cannot be found (or has no IP address),
the default of "127.0.0.1" is used.
- $klogSymbolLookup [on/off] -- disables imklog kernel symbol translation (former klogd -x option). NOTE that
this option is counter-productive on recent kernels (>= 2.6) because the
kernel already does the symbol translation and this option breaks the information.
This option is scheduled for removal, probably with version 4.x. Do not use
it except if you have a very good reason. If you have one, let us know
because otherwise new versions will no longer support it.
Linux only, ignored on other platforms (but may be specified)
- $klogConsoleLogLevel [number] -- (former klogd -c option) sets the console log level. If specified, only messages with
up to the specified level are printed to the console. The default is -1, which means that
the current settings are not modified. To get this behavior, do not specify
$klogConsoleLogLevel in the configuration file. Note that this is a global parameter. Each time
it is changed, the previous definition is reset. The value that takes effect is the one that is
active when imklog actually starts processing. In short: do not specify this
directive more than once!
Linux only, ignored on other platforms (but may be specified)
- $klogUseSyscallInterface [on/off] -- former klogd -s option
Linux only, ignored on other platforms (but may be specified)
- $klogSymbolsTwice [on/off] -- former klogd -2 option
Linux only, ignored on other platforms (but may be specified)
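The following check is an added example, not part of the rsyslog documentation or code: it scans legacy-format rsyslog.conf text for the imklog settings the directive descriptions above caution against (a repeated $klogConsoleLogLevel, any use of $klogSymbolLookup, and $KLogPermitNonKernelFacility switched on). The sample configuration, the function names and the case-insensitive matching of directive names are assumptions.

```python
import re

# Constructed sample rsyslog.conf fragment (not from the imklog documentation).
SAMPLE_CONF = """\
$ModLoad imklog
# console level set by base image
$klogConsoleLogLevel 4
$klogSymbolLookup on
$KLogPermitNonKernelFacility on
$klogConsoleLogLevel 7
"""

DIRECTIVE = re.compile(r"^\s*\$(\w+)\s*(.*?)\s*$")


def parse_directives(conf_text):
    """Return (line_no, lowercased name, value) for each legacy $Directive line."""
    found = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # rsyslog.conf comment line
        m = DIRECTIVE.match(line)
        if m:
            # Assumption: directive names are matched case-insensitively.
            found.append((no, m.group(1).lower(), m.group(2)))
    return found


def lint_imklog(conf_text):
    """Flag imklog settings that the directive descriptions above warn about."""
    directives = parse_directives(conf_text)
    findings = []
    levels = [no for no, name, _ in directives if name == "klogconsoleloglevel"]
    if len(levels) > 1:
        where = ", ".join(map(str, levels))
        findings.append(f"klogConsoleLogLevel set {len(levels)} times "
                        f"(lines {where}); it is global, specify it once")
    for no, name, val in directives:
        if name == "klogsymbollookup":
            findings.append(f"line {no}: klogSymbolLookup is scheduled for removal "
                            "and breaks symbol information on kernels >= 2.6")
        elif name == "klogpermitnonkernelfacility" and val.lower() == "on":
            findings.append(f"line {no}: non-kernel facility entries from the "
                            "kernel log will be submitted for processing")
    return findings

if __name__ == "__main__":
    for finding in lint_imklog(SAMPLE_CONF):
        print(finding)
```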
Caveats/Known Bugs:
This is obviously platform specific and requires platform
drivers.
Currently, imklog functionality is available on Linux and BSD.
This module is not supported on Solaris and not needed there.
For Solaris kernel input, use imsolaris.
Sample:
The following sample pulls messages from the kernel log. All
parameters are left at their defaults, which is usually a good idea. Please
note that loading the plugin is sufficient to activate it. No directive
is needed to start pulling kernel messages.
This documentation is part of the rsyslog project.
Copyright © 2008-2009 by Rainer Gerhards and Adiscon.
Released under the GNU GPL version 3 or higher.