So I'm trying to find a way to buffer logs from extremely early in the
boot process (from when the initramfs is still running), and then dump
them to syslog-ng once it starts. Has anyone done anything similar?
The only real idea that comes to mind is to use busybox's syslogd and
have it use a circular buffer, then configure syslog-ng with a program
source that reads the buffer and then terminates the daemon
(something like 'logread ; pkill -x syslogd &>/dev/null'), and set
follow_freq to 0. Whether this will work or not, I don't know as I've
never played with program sources. Also a problem I see with this is
that the busybox syslogd would need to be killed before syslog-ng tries
to open /dev/log and /proc/kmsg, but I'm not sure how to go about that.
I do seem to recall some other utility I've run across in my travels
that is designed for this exact purpose, in that it buffers syslog
messages during boot, then dumps its buffer once the main syslog daemon
has started and terminates, but I can't remember what it's called (and
Google is failing me).
So does anyone have any good ideas for solving this situation?
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng