syslog output not in chronological order, mandriva 2005, initng not installed

Emmanuel_uk · 07-20-2006, 10:16 AM

The syslog entries are not all in chronological order (Example below).
It is like logging was interleaved sometimes.
Cannot make sense of why (conf files and man pages), and no luck with google.
Thanks for any suggestion. More info about config after.

Code:

Jul 19 18:21:02 localhost : Loading module: stallion
Jul 19 18:21:25 localhost kernel: Probing IDE interface ide1...
Jul 19 18:21:02 localhost : Loading module: sx
Jul 19 18:21:25 localhost kernel: hdc: _NEC DVD_RW ND-3500AG, ATAPI CD/DVD-ROM drive
Jul 19 18:21:02 localhost : Loading module: synclink
Jul 19 18:21:25 localhost kernel: hdd: _NEC DVD_RW ND-3540A, ATAPI CD/DVD-ROM drive
Jul 19 18:21:02 localhost : Loading module: synclinkmp
Jul 19 18:21:25 localhost kernel: ide1 at 0x170-0x177,0x376 on irq 15
Jul 19 18:21:02 localhost : Loading module: nvidia-agp

Jul 19 19:33:13 localhost kernel: ACPI: Subsystem revision 20050211
Jul 19 19:32:42 localhost rc.sysinit: Loading default keymap succeeded
Jul 19 19:33:13 localhost kernel: ACPI: Interpreter disabled.
Jul 19 19:32:42 localhost rc.sysinit: Setting hostname localhost:  succeeded
Jul 19 19:33:13 localhost kernel: Linux Plug and Play Support v0.97 (c) Adam Belay
Jul 19 19:32:42 localhost usb: Initializing USB controller (ohci-hcd):  succeeded
Jul 19 19:33:13 localhost kernel: pnp: PnP ACPI: disabled
Jul 19 19:32:43 localhost usb: Initializing USB controller (ehci-hcd):  succeeded
Jul 19 19:33:13 localhost kernel: PCI: Probing PCI hardware
Jul 19 19:32:43 localhost usb: Mount USB filesystem succeeded
Jul 19 19:33:13 localhost kernel: PCI: Probing PCI hardware (bus 00)
Jul 19 19:32:44 localhost modprobe: cupsd: no process killed
Jul 19 19:33:14 localhost kernel: PCI: nForce2 C1 Halt Disconnect fixup
Jul 19 19:32:44 localhost usb: Loading USB printer succeeded
Jul 19 19:33:14 localhost kernel: PCI: Using IRQ router default [10de/01e0] at 0000:00:00.0

# ps -eaf | grep log
root 9018 1 0 19:33 ? 00:00:00 syslogd -m 3330 -a /var/spool/postfix/dev/log
root 9053 1 0 19:33 ? 00:00:00 klogd -2

# cat /usr/src/linux-2.6.11-13mdk/.config | grep BUF_S
CONFIG_LOG_BUF_SHIFT=14
2.6.11-13mdkcustom, but it did that with the previous stock kernel as well.
Cannot say when problem started, month and month ago before I knew much
about linux. Never installed initng BTW.
Also I think it was still doing it with 2.6.11-13mdkcustom when buffer was 128 Ko.
Running a sempron 32 bits PC

# cat /etc/syslog.conf

Code:

# Various entry
auth,authpriv.*                                                 /var/log/auth.log
*.*;auth,authpriv.none                                          -/var/log/syslog
user.*                                                          -/var/log/user.log

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;;news.none;authpriv.none                                       -/var/log/messages

# The authpriv file has restricted access.
authpriv.*                                                      /var/log/secure
# Mail logging
mail.=debug;mail.=info;mail.=notice                             -/var/log/mail/info
mail.=warn                                                      -/var/log/mail/warnings
mail.err                                                        -/var/log/mail/errors
# Cron logging
cron.=debug;cron.=info;cron.=notice                             -/var/log/cron/info
cron.=warn                                                      -/var/log/cron/warnings
cron.err                                                        -/var/log/cron/errors
# Kernel logging
kern.=debug;kern.=info;kern.=notice                             -/var/log/kernel/info
kern.=warn                                                      -/var/log/kernel/warnings
kern.err                                                        /var/log/kernel/errors
# Lpr logging
lpr.=debug;lpr.=info;lpr.=notice                                -/var/log/lpr/info
lpr.=warn                                                       -/var/log/lpr/warnings
lpr.err                                                         -/var/log/lpr/errors
# Daemons logging
daemon.=debug;daemon.=info;daemon.=notice                       -/var/log/daemons/info
daemon.=warn                                                    -/var/log/daemons/warnings
daemon.err                                                      -/var/log/daemons/errors
# Everybody gets emergency messages
*.emerg                                                         *
# Save boot messages also to boot.log
local7.*                                                        -/var/log/boot.log
# Explanations from Mandrake Linux configuration tools
local1.*                                                        -/var/log/explanations
*.* /dev/tty12

# Sample syslog.conf entries
              *.info;local4.none;local4.warn  /var/log/messages
              local4.info                        -/var/log/sensors
              local4.alert                        /dev/console
              local4.alert                        *

unSpawn · 07-21-2006, 04:12 AM

Could it be due to explicitly specifying "don't sync" (the entries where logfilename has a minus prefixed)?

Emmanuel_uk · 07-22-2006, 12:59 PM

It is nearly worse once removing the minus signs. Mangled bios map!
then clock jumps by 1 hour
cat /etc/syslog.conf | grep '-' (not result now)

Code:

Jul 22 18:51:52 localhost syslogd 1.4.1: restart.
Jul 22 18:51:52 localhost kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jul 22 18:51:52 localhost kernel: Inspecting /boot/System.map-2.6.11-13mdkcustom
Jul 22 18:51:53 localhost kernel: Loaded 17717 symbols from /boot/System.map-2.6.11-13mdkcustom.
Jul 22 18:51:53 localhost kernel: Symbols match kernel version 2.6.11.
Jul 22 18:51:53 localhost kernel: No module symbols loaded - kernel modules not enabled.
Jul 22 18:51:53 localhost kernel: Linux version 2.6.11-13mdkcustom (root@localhost) (gcc version 3.4.3 (Mandrakelinux 10.2 3.4.3-7mdk)) #3 Wed Jul 19 19:30:36 BST 2006
Jul 22 18:51:53 localhost kernel: BIOS-provided physical RAM map:
Jul 22 18:51:53 localhost kernel:  BIOS-e820: 000000003fff3000 - 0000000040000000 (ACPI data)
Jul 22 18:51:53 localhost partmon: Checking if partitions have enough free diskspace:
Jul 22 18:51:53 localhost kernel:  BIOS-e820: 00000000fec00000 - 00000000fec01000 (reserved)
Jul 22 18:51:54 localhost dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port 67
Jul 22 18:51:54 localhost kernel: DMI 2.2 present.
Jul 22 18:51:54 localhost dhclient: DHCPACK from 192.168.1.1
Jul 22 18:51:54 localhost kernel: ACPI: RSDP (v000 Nvidia                                ) @ 0x000f75e0
Jul 22 18:51:54 localhost NET: /sbin/dhclient-script : updated /etc/resolv.conf
Jul 22 18:51:55 localhost kernel: ACPI: RSDT (v001 Nvidia AWRDACPI 0x42302e31 AWRD 0x00000000) @ 0x3fff3000
Jul 22 18:51:55 localhost dhclient: bound to 192.168.1.100 -- renewal in 292088 seconds.
Jul 22 19:51:23 localhost rc.sysinit: Setting default font (lat0-16):  succeeded
Jul 22 18:51:55 localhost kernel: ACPI: FADT (v001 Nvidia AWRDACPI 0x42302e31 AWRD 0x00000000) @ 0x3fff3040
Jul 22 18:51:57 localhost postfix/postfix-script: fatal: the Postfix mail system is not running
Jul 22 18:51:57 localhost cups: cupsd startup succeeded
Jul 22 19:51:23 localhost rc.sysinit: Mounting proc filesystem succeeded
Jul 22 18:51:57 localhost kernel: ACPI: MADT (v001 Nvidia AWRDACPI 0x42302e31 AWRD 0x00000000) @ 0x3fff7640
Jul 22 18:51:57 localhost netplugd[8951]: eth0: state INNING pid 8952 exited status 0
Jul 22 19:51:23 localhost rc.sysinit: Mounting sysfs on /sys succeeded

The chronological problem was happening before, when I was using the stock kernel linux-2.6.11-6mdk.

I thought it might be because of swatch, but swatch is started by .kde/Autostart/myscript.sh
konsole --noclose -T realtime_syslog -e sudo swatch -c /etc/swatchrc --tail-file=/var/log/syslog

logrotate is the default config

Code:

# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own lastlog, wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

/var/log/lastlog {
    monthly
    rotate 1
}

Emmanuel_uk · 07-23-2006, 10:14 AM

The last time with an hour difference is
Jul 23 16:51:59 localhost rc.sysinit: Configuring kernel parameters: succeeded.
Then the clock is set correctly by
Jul 23 15:51:58 localhost rc.sysinit: Setting clock (localtime): Sun Jul 23 15:51:58 BST 2006 succeeded.
The bios time is set to London Time. So is linux
That does not stop shorewall (at 52 seconds) beeing mangled with earlier kernel outputs at (25 seconds)

Code:

Jul 23 15:52:26 localhost syslogd 1.4.1: restart.
Jul 23 15:52:26 localhost kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jul 23 15:52:26 localhost kernel: Inspecting /boot/System.map-2.6.11-13mdkcustom
Jul 23 15:52:27 localhost kernel: Loaded 17717 symbols from /boot/System.map-2.6.11-13mdkcustom.
Jul 23 15:52:27 localhost kernel: Symbols match kernel version 2.6.11.
Jul 23 15:52:27 localhost kernel: No module symbols loaded - kernel modules not enabled.
...
Jul 23 15:52:30 localhost kernel: ACPI: MADT (v001 Nvidia AWRDACPI 0x42302e31 AWRD 0x00000000) @ 0x3fff7640
Jul 23 15:52:31 localhost postfix/postfix-script: fatal: the Postfix mail system is not running
Jul 23 15:52:31 localhost cups: cupsd startup succeeded
Jul 23 16:51:58 localhost rc.sysinit: Mounting proc filesystem succeeded
Jul 23 15:52:31 localhost kernel: ACPI: DSDT (v001 NVIDIA AWRDACPI 0x00001000 MSFT 0x0100000e) @ 0x00000000
Jul 23 15:52:31 localhost netplugd[8978]: eth0: state INNING pid 8979 exited status 0
Jul 23 16:51:58 localhost rc.sysinit: Mounting sysfs on /sys succeeded
Jul 23 15:52:31 localhost kernel: ACPI: PM-Timer IO Port: 0x4008
Jul 23 16:51:58 localhost rc.sysinit: Unmounting initrd:  succeeded
Jul 23 15:52:31 localhost kernel: ACPI: Local APIC address 0xfee00000
Jul 23 16:51:59 localhost rc.sysinit: Configuring kernel parameters:  succeeded
Jul 23 15:52:31 localhost kernel: ACPI: LAPIC (acpi_id[0x00] lapic_id[0x00] enabled)
Jul 23 15:51:58 localhost date: Sun Jul 23 15:51:58 BST 2006
Jul 23 15:52:32 localhost kernel: Processor #0 6:8 APIC version 16
Jul 23 15:51:58 localhost rc.sysinit: Setting clock  (localtime): Sun Jul 23 15:51:58 BST 2006 succeeded
Jul 23 15:52:32 localhost kernel: ACPI: LAPIC_NMI (acpi_id[0x00] high edge lint[0x1])
Jul 23 15:51:58 localhost rc.sysinit: Loading default keymap succeeded
Jul 23 15:52:32 localhost kernel: Allocating PCI resources starting at 40000000 (gap: 40000000:bec00000)
Jul 23 15:51:58 localhost rc.sysinit: Setting hostname localhost:  succeeded
Jul 23 15:52:32 localhost kernel: Built 1 zonelists
Jul 23 15:51:58 localhost usb: Initializing USB controller (ohci-hcd):  succeeded
Jul 23 15:52:32 localhost kernel: Found and enabled local APIC!
Jul 23 15:51:59 localhost usb: Initializing USB controller (ehci-hcd):  succeeded
Jul 23 15:52:32 localhost kernel: mapped APIC to ffffd000 (fee00000)
Jul 23 15:52:00 localhost usb: Mount USB filesystem succeeded
Jul 23 15:52:32 localhost alsa:  succeeded
Jul 23 15:52:32 localhost kernel: Initializing CPU#0
Jul 23 15:52:00 localhost modprobe: cupsd: no process killed
Jul 23 15:52:32 localhost kernel: Kernel command line: root=/dev/hda6 devfs=nomount splash=silent acpi=ht resume=/dev/hdb8 vga=788
Jul 23 15:52:00 localhost usb: Loading USB printer succeeded
...
Jul 23 15:52:52 localhost kernel: eth1394: eth2: IEEE-1394 IPv4 over 1394 Ethernet (fw-host0)
Jul 23 15:52:25 localhost shorewall:    Rule "REJECT - - tcp 113" added.
Jul 23 15:52:52 localhost smartd[12501]: Device: /dev/hda, enabled SMART Automatic Offline Testing.
Jul 23 15:52:52 localhost kernel: ohci1394: fw-host0: SelfID received outside of bus reset sequence
Jul 23 15:52:25 localhost shorewall: Processing /usr/share/shorewall/action.AllowICMPs for Chain AllowICMPs...

unSpawn · 07-24-2006, 05:32 PM

check "grep ZONE /etc/sysconfig/clock" and see if its similar to your TZ?

Emmanuel_uk · 07-26-2006, 01:41 AM

#grep ZONE /etc/sysconfig/clock
ZONE=Europe/London
# env | grep -i time
LC_TIME=en_GB

I booted with a 2.4 stock mandriva kernel of the distro:
Still mangled syslog.

I installed mandy 2005 on a spare partition (the syslog is fine there,
the one hour problem does not even occur) to try
to diff -ru /etc/rc.d . No definite conclusion yet.
I will try to investigate partmon because it is the first occurence
in the syslog that interleaved with the bios output.

I deleted and created a new empty syslog in case it was too big on the 23/07
or in case there was something wrong with logrotate.
# ls -l /var/log/syslog*
-rw-r----- 1 root root 1105331 Jul 25 17:27 /var/log/syslog
-rw-r----- 1 root root 147422 Jun 25 04:02 /var/log/syslog.1.gz
-rw-r----- 1 root root 336053 Jun 20 04:02 /var/log/syslog.2.gz
-rw-r----- 1 root root 132901 Jun 11 04:02 /var/log/syslog.3.gz
-rw-r----- 1 root root 1359994 Jun 6 04:02 /var/log/syslog.4.gz
-rw-r----- 1 root root 152228 Apr 23 04:02 /var/log/syslog.5.gz
-rw-r----- 1 root root 819601 Jul 23 17:25 /var/log/syslog.old230706.gz

Code:

# cat /etc/logrotate.conf
weekly
rotate 4
create
compress
include /etc/logrotate.d

# cat /etc/logrotate.d/syslog
/var/log/auth.log /var/log/syslog /var/log/user.log /var/log/secure /var/log/messages /var/log/boot.log /var/log/mail/errors /var/log/mail/info /var/log/mail/warnings /var/log/cron/errors /var/log/cron/info /var/log/cron/warnings /var/log/kernel/errors /var/log/kernel/info /var/log/kernel/warnings /var/log/lpr/errors /var/log/lpr/info /var/log/lpr/warnings /var/log/news/news.err /var/log/news/news.notice /var/log/news/news.crit /var/log/daemons/errors /var/log/daemons/info /var/log/daemons/warnings /var/log/explanations
{
sharedscripts
rotate 5
weekly
postrotate
/usr/bin/killall -HUP syslogd #
endscript
}

unSpawn · 07-26-2006, 05:10 AM

Verify settings using http://www.tldp.org/HOWTO/TimePrecis...WTO/index.html?

Emmanuel_uk · 07-26-2006, 11:28 AM

thanks for the advice. cannot find anything abnormal

diff -ru /etc/localtime /mandy2005stock/etc/localtime (none)
# ls -al /etc/localtime
-rw-r--r-- 2 root root 1323 May 20 2005 /etc/localtime
# ls -al /mandy2005stock/etc/localtime
-rw-r--r-- 2 root root 1323 Jul 24 21:02 /mandy2005stock/etc/localtime

diff -ru /etc/sysconfig/clock /mandy2005stock/etc/sysconfig/clock (none)

# cat /etc/sysconfig/clock
UTC=false
ARC=false
ZONE=Europe/London

# hwclock --show; date
Wed 26 Jul 2006 17:08:15 BST -0.224579 seconds
Wed Jul 26 17:08:15 BST 2006
# hwclock --show --utc; date
Wed 26 Jul 2006 18:09:56 BST -0.878046 seconds
Wed Jul 26 17:09:56 BST 2006

edit: Adding some more trials
Left only very few services on

Code:

dm              0:off   1:off   2:off   3:off   4:off   5:on    6:off
keytable        0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
xfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
udev            0:off   1:off   2:on    3:on    4:on    5:on    6:off

and removed devfs=nomount from grub (no idea why this was in there;
a stock mandy 2005 does not have this parameter. Must have come
when I overwrote grub with other distro when I was learning about grub,
actually probably mandy 2006 when I tried it)
the kernel syslog was less mangled without devfs=nomount,
mangling starts with acpi, then from 19:47:40 it is ok
(this test was with the stock kernel rather than a custom one).

Code:

Jul 26 19:47:25 localhost kernel: 127MB HIGHMEM available.
Jul 26 19:47:25 localhost kernel: 896MB LOWMEM available.
Jul 26 19:47:25 localhost kernel: On node 0 totalpages: 262128
Jul 26 19:47:25 localhost kernel:   DMA zone: 4096 pages, LIFO batch:1
Jul 26 19:47:26 localhost kernel:   Normal zone: 225280 pages, LIFO batch:16
Jul 26 19:47:26 localhost kernel:   HighMem zone: 32752 pages, LIFO batch:7
Jul 26 19:47:26 localhost kernel: DMI 2.2 present.
Jul 26 19:47:26 localhost kernel: ACPI: RSDP (v000 Nvidia                                ) @ 0x000f75e0
Jul 26 19:47:26 localhost xfs: xfs startup succeeded
Jul 26 19:47:26 localhost kernel: ACPI: RSDT (v001 Nvidia AWRDACPI 0x42302e31 AWRD 0x00000000) @ 0x3fff3000
Jul 26 19:47:26 localhost dm: Display manager startup succeeded
Jul 26 19:47:26 localhost kernel: ACPI: FADT (v001 Nvidia AWRDACPI 0x42302e31 AWRD 0x00000000) @ 0x3fff3040
...
Jul 26 19:47:39 localhost kernel: pnp: PnP ACPI: disabled
Jul 26 19:47:07 localhost keytable: Loading keymap: uk succeeded
Jul 26 19:47:39 localhost kernel: PnPBIOS: Disabled
Jul 26 19:47:08 localhost loadkeys: Loading /usr/lib/kbd/keymaps/include/compose.latin9.inc.gz
Jul 26 19:47:39 localhost kernel: PCI: Probing PCI hardware
Jul 26 19:47:08 localhost keytable: Loading compose keys: compose.latin9.inc succeeded
Jul 26 19:47:39 localhost kernel: PCI: Probing PCI hardware (bus 00)
Jul 26 19:47:08 localhost keytable:  succeeded
Jul 26 19:47:39 localhost kernel: PCI: nForce2 C1 Halt Disconnect fixup
Jul 26 19:47:16 localhost rc.sysinit: Enabling swap space:  succeeded
Jul 26 19:47:40 localhost kernel: PCI: Using IRQ router default [10de/01e0] at 0000:00:00.0
Jul 26 19:47:17 localhost rc.sysinit: Initializing firewire controller (ohci1394):  succeeded
Jul 26 19:47:40 localhost kernel: spurious 8259A interrupt: IRQ7.
Jul 26 19:47:20 localhost mandrake_everytime: Starting netprofile:  succeeded
Jul 26 19:47:40 localhost kernel: apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16ac)
Jul 26 19:47:21 localhost init: Entering runlevel: 5
Jul 26 19:47:40 localhost kernel: audit: initializing netlink socket (disabled)
Jul 26 19:47:40 localhost kernel: audit(1153943205.053:0): initialized
Jul 26 19:47:40 localhost kernel: highmem bounce pool size: 64 pages
Jul 26 19:47:40 localhost kernel: inotify device minor=63
Jul 26 19:47:40 localhost kernel: VFS: Disk quotas dquot_6.5.1
Jul 26 19:47:40 localhost kernel: Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
Jul 26 19:47:40 localhost kernel: devfs: 2004-01-31 Richard Gooch (rgooch@atnf.csiro.au)
Jul 26 19:47:40 localhost kernel: devfs: boot_options: 0x0

so still not solved

unSpawn · 07-26-2006, 05:51 PM

diff -ru /etc/localtime /mandy2005stock/etc/localtime
Shouldn't you compare with /usr/share/zoneinfo/Europe/London ? (or /usr/share/zoneinfo/posix/Continent/City if you want DST)

What I did to combat time skew was:
- change TZ from Continent/City to /usr/share/zoneinfo/posix/Continent/City in /etc/sysconfig/clock (kernel)
- copy (not link) /usr/share/zoneinfo/posix/Continent/City to /etc/localtime (glibc)
- reboot and check /etc resources and running processes for skewed TZ
(- installed NTPd.)

Emmanuel_uk · 07-28-2006, 01:36 AM

Thanks again for staying with the problem.
Have now copied whole /etc to overwrite /mandy2005stock/etc
(and kept backup of working-fine etc in /mandy2005stock/etcback)
So I have a broken test system /mandy2005stock that I can reboot at will
with the exact grub command from stock.
AFAI can tell so far, the problem file is not /etc/rc* (none of the rc?.d)
nor the /etc/init.rd (whichever the directory name where the init scripts are
for the links in rc?.d)

I can break the system, no prob.
Tried to replicate problem in single mode (grub single keyword), because faster to boot,
but even by editing the /etc/single to remove in it the kills,
and by doing chkconfig --level alsa,syslog,partmon 1 on,
(yes some services enabled at run level 1) I cannot get (much) things written to /syslog
(3 lines about alsa or nothing, cannot remember, so many reboot)
at least not the BIOS map and all these bootmessages I am interested to keep.

Any idea on how to enable single mode with full syslog of boot and services?

Anyhow, working by dichotomy on /etc now because I cannot think of better
Painfull process. I could no pinpoint anything from
diff -ru /mandy2005stock/etcback /mandy2005stock/etc

Quote:

diff -ru /etc/localtime /mandy2005stock/etc/localtime
Shouldn't you compare with /usr/share/zoneinfo/Europe/London ?

Well I know /mandy2005stock/ (a full stock install of the distro) is working ok,
so I compare this way.
Did also previously cp ...zoneinfo/Europe/London /etc/localtime
Did previously a replacement /var/log by /mandy2005stock/var/log
No luck either

Quote:

- reboot and check /etc resources and running processes for skewed TZ

the mangling-trigger seems to be rc.sysinit, but the syslog
is in such a poor state order that even with some greps I cannot be sure
which process is mangling the line

Summary it is not:
/etc/localtime
a kernel issue or size of kernel ring buffer for syslog
somethign or size problem in /var/log
/etc/rc*
/etc/init.d

Emmanuel_uk · 07-28-2006, 02:45 PM

found the offending lines in /etc/syslog.conf

this is were I looked in the first place.
One or more of these are creating the chronological problem,
and

I did insert local4 for lm_sensors

Quote:

# Sample syslog.conf entries
*.info;local4.none;local4.warn /var/log/messages
local4.info -/var/log/sensors
local4.alert /dev/console
local4.alert *

1) It is not formated with tab (may not matter)
2) *.info to /var/log/messages contradicts
*.info;mail.none;;news.none;authpriv.none -/var/log/messages
that is I doubt the same file can be accessed sync and async at the same time
4) *.info is duplicated (not good is it?)

But I have learn many things with this problem, so not all bad

Thanks for the help

unSpawn · 08-01-2006, 08:28 AM

Thanks again for staying with the problem.
NP.

Any idea on how to enable single mode with full syslog of boot and services?
Hmm. Maybe add a GRUB entry booting into runlevel 2 and chkconfig services to run in that level. 2 isn't used most of the times anyway so it's free for whatever you want to do with it.

and I did insert local4 for lm_sensors
As long as it conforms to syslog.conf format that should be no problem. What happens with the local4 lines commented out and syslog restarted?

1) It is not formated with tab (may not matter)
With /etc/syslog.conf it *does* matter very much so I've found.

2) *.info to /var/log/messages contradicts *.info;mail.none;;news.none;authpriv.none -/var/log/messages that is I doubt the same file can be accessed sync and async at the same time
Sounds like a solid conclusion.

4) *.info is duplicated (not good is it?)
"*.info" does dump all the information at that level into the log while "*.info;mail.none;;news.none;authpriv.none" filters what could be considered being private information. Duplication isn't the problem (OK, except wrt for performance) but what and where you want to log and for what purpose. If you're using the info for alerting then having less logfiles will mean less files to write and read but probably larger logs (unless more often rotated). If you aren't interested in messages below the warning level then there's no reason to log them.

I'm quite baffled as to how this came to be and still persists.
Maybe it would be good to go back to start and try again.
Are there any kernel or app version difs between this install and your installed stock Mandy?

Emmanuel_uk · 08-01-2006, 08:43 AM

Quote:

I'm quite baffled as to how this came to be and still persists.

Sorry I did not explain well: The problem is now solved, and it was because of 1) 2) or 4)
(No 3... must I have thought of 1 mroe reason initialy)

It came to be when I inserted
*.info;local4.none;local4.warn /var/log/messages
from the man page of lm_sensors (Never thought about checking congruence for sync/async)
and it is either the tabulations and/or the simultaneous sync and async on /var/log/messages.
I do not know since I removed *.info and made /var/log/messages async everywhere.
So it reads now
local4.none;local4.warn -/var/log/messages

The strange thing though, is that I was looking at a mangled syslog file, not messages.
Now syslog is not mangled anymore. No idea about messages.

Quote:

Maybe it would be good to go back to start and try again.

Well, now it works, I might just test the simultaneous async/sync combination

unSpawn · 08-01-2006, 09:41 AM

Well, now it works
Congrats, seems you fixed it *and* know what to test for next. Rather neat, I'd say.