klogd

Hurricane Electric Internet Services: Accounts starting at $9.95/month
Hurricane Electric Internet Services

NAME

       klogd - kernel log daemon.



SYNOPSIS

       klogd  [ -c n ] [ -d ] [ -f fname ] [ -n ] [ -o ] [ -s ] [
       -k fname ] [ -v ]



DESCRIPTION

       klogd is a system daemon which intercepts and  logs  Linux
       kernel messages.



OPTIONS

       -c n   Sets  the  default log level of console messages to
              n.

       -d     Enable debugging mode.  This will generate LOTS  of
              output to stderr.

       -f file
              Log  messages to the specified filename rather than
              to the syslog facility.

       -n     Avoid auto-backgrounding. This is needed especially
              if  the klogd is started and controlled by init(8).

       -o     Execute in 'one-shot' mode.  This causes  klogd  to
              read and log all the messages that are found in the
              kernel message buffers.  After a  single  read  and
              log cycle the daemon exits.

       -s     Force klogd to use the system call interface to the
              kernel message buffers.

       -k file
              Use the specified file as the source of kernel sym-
              bol information.

       -v     Print version and exit.



OVERVIEW

       The functionality of klogd has been typically incorporated
       into other versions of syslogd but this seems to be a poor
       place for it.  In the modern Linux kernel a number of ker-
       nel messaging issues such as sourcing, prioritization  and
       resolution  of kernel addresses must be addressed.  Incor-
       porating kernel logging into a separate process  offers  a
       cleaner separation of services.

       In  Linux  there  are  two potential sources of kernel log
       information:  the  /proc  filesystem   and   the   syscall
       (sys_syslog)  interface,  although ultimately they are one
       and the same.   Klogd  is  designed  to  choose  whichever
       source  of  information  is the most appropriate.  It does
       this by first checking for the presence of a mounted /proc
       filesystem.  If  this is found the /proc/kmsg file is used
       as the source of  kernel  log  information.  If  the  proc
       filesystem  is  not  mounted  klogd  uses a system call to
       obtain kernel messages.  The command line switch (-s)  can
       be used to force klogd to use the system call interface as
       its messaging source.

       If kernel messages are directed through the syslogd daemon
       the  klogd  daemon,  as of version 1.1, has the ability to
       properly prioritize kernel messages. Prioritization of the
       kernel  messages  was added to it at approximately version
       0.99pl13 of the kernel. The raw kernel messages are of the
       form:

              <[0-7]>Something said by the kernel.

       The  priority of the kernel message is encoded as a single
       numeric digit enclosed inside the <>  pair.   The  defini-
       tions  of these values is given in the kernel include file
       kernel.h.  When a message is received from the kernel  the
       klogd  daemon  reads  this  priority level and assigns the
       appropriate priority level to the syslog message.  If file
       output  (-f)  is  used the prioritization sequence is left
       pre-pended to the kernel message.

       The klogd daemon also allows the ability to alter the pre-
       sentation  of kernel messages to the system console.  Con-
       sequent with the prioritization of kernel messages was the
       inclusion  of default messaging levels for the kernel.  In
       a stock kernel the the default console log level is set to
       7.   Any  messages with a priority level numerically lower
       than 7 (higher priority) appear on the console.

       Messages of priority level 7 are considered to be  'debug'
       messages  and  will  thus not appear on the console.  Many
       administrators, particularly in a multi-user  environment,
       prefer  that  all  kernel messages be handled by klogd and
       either directed to a file or to the syslogd daemon.   This
       prevents  'nuisance'  messages such as line printer out of
       paper or disk change detected from cluttering the console.

       By  default  the  klogd  daemon  executes a system call to
       inhibit all kernel messages (except for panics) from being
       displayed  on  the  console.  The -c switch can be used to
       alter this behavior.  The argument given to the -c  switch
       specifies  the  priority  level  of messages which will be
       directed to the console.  Note that messages of a priority
       value  LOWER than the indicated number will be directed to
       the console.

              For example, to have the kernel  display  all  mes-
              sages with a priority level of 3 (KERN_ERR) or more
              severe the following command would be executed:

                   klogd -c 4

       The definitions of the numeric values for kernel  messages
       are  given  in the file kernel.h which can be found in the
       /usr/include/linux directory if  the  kernel  sources  are
       installed.  These values parallel the syslog priority val-
       ues which are defined in the file syslog.h  found  in  the
       /usr/include/sys sub-directory.

       The klogd daemon can also be used in a 'one-shot' mode for
       reading the kernel message  buffers.   One  shot  mode  is
       selected  by specifying the -o switch on the command line.
       Output will be directed to either the syslogd daemon or to
       an alternate file specified by the -f switch.

              For  example, to read all the kernel messages after
              a system boot and record  them  in  a  file  called
              krnl.msg the following command would be given.

                   klogd -o -f ./krnl.msg



KERNEL ADDRESS RESOLUTION

       klogd  will attempt to resolve kernel numeric addresses to
       their symbolic forms if a kernel symbol table is available
       at  execution  time.   A  symbol table may be specified by
       using the -k switch on the command line.  If a symbol file
       is  not  explicitly specified the following filenames will
       be tried:

       /boot/System.map
       /System.map
       /usr/src/linux/System.map

       Version information is supplied in the system maps  as  of
       kernel 1.3.43.  This version information is used to direct
       an intelligent search of the list of symbol tables.   This
       feature  is useful since it provides support for both pro-
       duction and experimental kernels.

       For example a production kernel  may  have  its  map  file
       stored  in  /boot/System.map.   If an experimental or test
       kernel is compiled with  the  sources  in  the  'standard'
       location of /usr/src/linux the system map will be found in
       /usr/src/linux/System.map.  When klogd  starts  under  the
       experimental  kernel  the  map in /boot/System.map will be
       bypassed in favor of the map in /usr/src/linux/System.map.

       Modern kernels as of 1.3.43 properly format important ker-
       nel  addresses  so  that  they  will  be  recognized   and
       translated  by  klogd.   Earlier  kernels require a source
       code patch be applied to the kernel sources.   This  patch
       is supplied with the sysklogd sources.



SIGNAL HANDLING

       The  klogd  will  respond  to six signals: SIGHUP, SIGINT,
       SIGKILL,  SIGTERM,  SIGTSTP  and  SIGCONT.   The   SIGINT,
       SIGKILL,  SIGTERM and SIGHUP signals will cause the daemon
       to close its kernel log sources and terminate  gracefully.

       The SIGTSTP and SIGCONT singals are used to start and stop
       kernel logging. Upon receipt of a SIGTSTP signal the  dae-
       mon  will  close its log sources and spin in an idle loop.
       Subsequent receipt of a SIGCONT signal will cause the dae-
       mon  to  go  through  its  initialization sequence and re-
       choose an input source.  Using SIGSTOP and SIGCONT in com-
       bination  the  kernel  log  input can be re-chosen without
       stopping and restarting the daemon.  For  example  if  the
       /proc  file  system is to be un-mounted the following com-
       mand sequence should be used:

            # kill -TSTP pid
            # umount /proc
            # kill -CONT pid

       Notations will be made in the system  logs  with  LOG_INFO
       priority documenting the start/stop of logging.



FILES

       /proc/kmsg
              One Source for kernel messages klogd
       /var/run/klogd.pid
              The file containing the process id of klogd
       /System.map, /usr/src/linux/System.map
              Default locations for kernel system maps.


BUGS

       Probably numerous.  Well formed context diffs appreciated.



AUTHOR

       The  klogd  was   originally   written   by   Steve   Lord
       (lord@cray.com), Greg Wettstein made major improvements.

       Dr. Greg Wettstein (greg@wind.rmcc.com)
       Enjellic Systems Development

       Oncology Research Divsion Computing Facility
       Roger Maris Cancer Center
       Fargo, ND 58122
Hurricane Electric Internet Services: Accounts starting at $9.95/month
Hurricane Electric Internet Services
Copyright (C) 1998 Hurricane Electric. All Rights Reserved.