1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<meta http-equiv="Content-Language" content="en"><title>Kernel Log Input Module (imklog)</title>
</head>
<body>
<a href="rsyslog_conf_modules.html">back</a>
<h1>Kernel Log Input Module</h1>
<p><b>Module Name: imklog</b></p>
<p><b>Author: </b>Rainer Gerhards
<rgerhards@adiscon.com></p>
<p><b>Description</b>:</p>
<p>Reads messages from the kernel log and submits them to the
syslog engine.</p>
<p><b>Configuration Directives</b>:</p>
<ul>
<li><strong>LogPath</strong><br>
The path to the Kernel log. This value should only be changed if you really know what
you are doing.</li>
<li><strong>InternalMsgFacility
<facility></strong><br>
The facility which messages internally generated by imklog will have.
imklog generates some messages of itself (e.g. on problems, startup and
shutdown) and these do not stem from the kernel. Historically, under
Linux, these too have "kern" facility. Thus, on Linux platforms the
default is "kern" while on others it is "syslogd". You usually do not
need to specify this configuration directive - it is included primarily
for few limited cases where it is needed for good reason. Bottom line:
if you don't have a good idea why you should use this setting, do not
touch it.</li>
<li><b>PermitNonKernelFacility [on/<i>off</i>]</b><br>
At least under BSD the kernel log may contain entries
with non-kernel facilities. This setting controls how those are
handled. The default is "off", in which case these messages are
ignored. Switch it to on to submit non-kernel messages to rsyslog
processing.</li>
<li><b>ParseKernelTimeStamp</b> [on/<b>off</b>]<br>
If enabled and the kernel creates a timestamp for its log messages, this timestamp will be
parsed and converted into regular message time instead to use the receive time of the kernel
message (as in 5.8.x and before). Default is to not parse the kernel timestamp, because the
clock used by the kernel to create the timestamps is not supposed to be as accurate as the
monotonic clock required to convert it. Depending on the hardware and kernel, it can result
in message time differences between kernel and system messages which occurred at same time.
<li><b>KeepKernelTimeStamp</b> [on/<b>off</b>]<br>
If enabled, this option causes to keep the [timestamp] provided by the kernel at the begin
of in each message rather than to remove it, when it could be parsed and converted into
local time for use as regular message time. Only used when <b>ParseKernelTimestamp</b> is on.
<li><b>ConsoleLogLevel</b> [<i>number</i>]
(former klogd -c option) -- sets the console log level. If specified, only messages with
up to the specified level are printed to the console. The default is -1, which means that
the current settings are not modified. To get this behavior, do not specify
ConsoleLogLevel in the configuration file. Note that this is a global parameter. Each time
it is changed, the previous definition is re-set. The one activate will be that one that is
active when imklog actually starts processing. In short words: do not specify this
directive more than once!
</ul>
<b>Caveats/Known Bugs:</b>
<p>This is obviously platform specific and requires platform
drivers.
Currently, imklog functionality is available on Linux and BSD.</p>
<p>This module is <b>not supported on Solaris</b> and not needed there.
For Solaris kernel input, use <a href="imsolaris.html">imsolaris</a>.</p>
<p><b>Sample:</b></p>
<p>The following sample pulls messages from the kernel log. All
parameters are left by default, which is usually a good idea. Please
note that loading the plugin is sufficient to activate it. No directive
is needed to start pulling kernel messages.<br>
</p>
<textarea rows="4" cols="60">module(load="imklog")
</textarea>
<p><b>Legacy Configuration Directives</b>:</p>
<ul>
<li><strong>$KLogInternalMsgFacility
<facility></strong><br>
equivalent to: InternalMsgFacility</li>
<li><span style="font-weight: bold;">$KLogPermitNonKernelFacility
[on/<span style="font-style: italic;">off</span>]<br>
equivalent to: PermitNonKernelFacility</li>
<li><span style="font-weight: bold;"></span>$DebugPrintKernelSymbols
[on/<b>off</b>]<br>
Linux only, ignored on other platforms (but may be specified)</li>
<li><b>$klogLocalIPIF</b> [interface name] - (available since 5.9.6) - if provided, the IP of the specified
interface (e.g. "eth0") shall be used as fromhost-ip for imklog-originating messages.
If this directive is not given OR the interface cannot be found (or has no IP address),
the default of "127.0.0.1" is used.
</li>
<li>$klogSymbolLookup [on/<b>off</b>] --
disables imklog kernel symbol translation (former klogd -x option). NOTE that
this option is counter-productive on recent kernels (>= 2.6) because the
kernel already does the symbol translation and this option breaks the information.<br>
<b>This option is scheduled for removal, probably with version 4.x.</b> Do not use
it except if you have a very good reason. If you have one, let us know
because otherwise new versions will no longer support it.<br>
Linux only, ignored on other platforms (but may be specified)</li>
<li><b>$klogConsoleLogLevel</b> [<i>number</i>]
<br>equivalent to: ConsoleLogLevel</li>
<li><b>$klogUseSyscallInterface</b> [on/<b>off</b>]
-- former klogd -s option<br>
Linux only, ignored on other platforms (but may be specified)</li>
<li>$klogSymbolsTwice [on/<b>off</b>] --
former klogd -2 option<br>
Linux only, ignored on other platforms (but may be specified)<br style="font-weight: bold;">
</li>
<li><b>$klogParseKernelTimeStamp</b> [on/<b>off</b>]<br>
equivalent to: ParseKernelTimeStamp</li>
<li><b>$klogKeepKernelTimeStamp</b> [on/<b>off</b>]<br>
equivalent to: KeepKernelTimeStamp</li>
</ul>
<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>]
[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
<p><font size="2">This documentation is part of the
<a href="http://www.rsyslog.com/">rsyslog</a>
project.<br>
Copyright © 2008-2012 by <a href="http://www.gerhards.net/rainer">Rainer
Gerhards</a> and
<a href="http://www.adiscon.com/">Adiscon</a>.
Released under the GNU GPL version 3 or higher.</font></p>
</body></html>
|