The 2004-03-08 at 09:36 -0600, McAllister, Andrew wrote:

We enabled kernel messages to the serial port by doing the following:

Boot line in Grub: kernel (hd0,3)/boot/vmlinuz root=/dev/sda4 acpi=oldboot vga=791 console=ttyS0 console=tty0

Ah, directly from the kernel; I'm not very familiar with that. But two consoles? ttyS0 is the serial port, but tty0 is a text console (which? not C-A-F1). Why do you set that one?

# print most on tty10 and on the xconsole pipe # kern.warn;*.err;authpriv.none /dev/tty10 *.err;authpriv.none |/dev/xconsole *.emerg * # ABM added infos to the firewall log (set log level # to info in SuSEfirewall2) # the - means don't sync the log file kern.info -/var/log/firewall

This means that only messages above info level will go to the "-/var/log/firewall" file - or, anything else but "debug". | The priority is one of the following keywords, | in ascending order: debug, info, notice, | warning, warn (same as warning), err, error | (same as err), crit, alert, emerg, panic | (same as emerg). The keywords error, warn | and panic are deprecated and should not be | used anymore. The priority defines the | severity of the message So far, so good.

# ABM send all other kernel messags to messages kern.*;kern.!info /var/log/messages

Now, this one... :-? | This syslogd(8) has a syntax extension to the | original BSD source, that makes its use more | intuitively. You may precede every priority | with an equation sign (``='') to spec- ify only | this single priority and not any of the above. | You may also (both is valid, too) precede the | priority with an exclamation mark (``!'') to | ignore all that priorities, either exact this | one or this and any higher priority. If you | use both extensions than the exclamation mark | must occur before the equation sign, just | use it intuitively. It is not very intuitive to me... This is a man page at it best :-p

kern.*;kern.!info /var/log/messages

Ok, then, "kern.!info" would be: "ignore all that priorities, either exact this one or this and any higher priority"... No, I give up. It's being a long day for me. I can't decipher that at this time of night O:-) But on the same line you have kern.*, which would log everything, unbuffered. Lets put it other way: what do you want to log there? I use this: *.=warn;*.=err -/var/log/warn *.crit /var/log/warn *.*;mail.none;news.none;kern.none -/var/log/messages kern.* -/var/log/firewall Only critical messages are written immediately (warning and errors are buffered) on "/var/log/warn". Kernel messages can be a lot, so I don't write them twice (messages and firewall). Perhaps you could use something: kern.* -/var/log/kernel *.*;mail.none;news.none;kern.warn -/var/log/messages (firewall messages will go as well to the "/var/log/warn", anyway, if defined as previously, because they are warnings) As to firewall messages going to the serial port... they are kernel messages, they should go there, I think. I don't know at this moment how that is adjusted.

So now all firewall messages go to /var/log/firewall until logrotate runs after which they go to the serial port and bog the machine down. Very strange.

Yes... I thought the other day you were writing to the serial port from syslog, not from the kernel. I think that is designed for troubleshooting some thing, not for continuous use. -- Cheers, Carlos Robinson