Ping uma porta específica

Question

Sai Chaithanya

Asked: 2024-06-08 00:32:25 +0800 CST2024-06-08 00:32:25 +0800 CST 2024-06-08 00:32:25 +0800 CST

syslog-ng não registra logs de nível de informação

772

Eu tenho a seguinte configuração do syslog-ng

@version: 4.6
#
# Syslog-ng default configuration file for Gentoo Linux

# https://bugs.gentoo.org/426814
@include "scl.conf"

options {
    threaded(yes);
    chain_hostnames(no);

    # The default action of syslog-ng is to log a STATS line
    # to the file every 10 minutes.  That's pretty ugly after a while.
    # Change it to every 12 hours so you get a nice daily update of
    # how many messages syslog-ng missed (0).
    stats(freq(43200));
    # The default action of syslog-ng is to log a MARK line
    # to the file every 20 minutes.  That's seems high for most
    # people so turn it down to once an hour.  Set it to zero
    # if you don't want the functionality at all.
    mark_freq(3600);
};

source src { system(); internal(); };

destination messages { file("/var/log/messages"); };
destination kern { file("/var/log/kern.log"); };
destination auth { file("/var/log/auth.log"); };
destination mail { file("/var/log/mail.log"); };

filter kern_f { level(debug..emerg) and facility(kern); };
filter auth_f { level(debug..emerg) and facility(auth) and facility(authpriv); };
filter mail_f { level(debug..emerg) and facility(mail); };
filter default_f { level(debug..emerg) and not (facility(mail)) and not (facility(auth)) and not (facility(kern)); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); filter(default_f); destination(messages); };
log { source(src); filter(auth_f); destination(auth); };
log { source(src); filter(kern_f); destination(kern); };
log { source(src); filter(mail_f); destination(mail); };
log { source(src); destination(console_all); };

Mas meu kern.log exibe apenas os seguintes logs agora:

Jun  7 21:48:03 ash kernel: Loading firmware: rtl_nic/rtl8168h-2.fw
Jun  7 21:48:03 ash kernel: Generic FE-GE Realtek PHY r8169-0-700:00: at
tached PHY driver (mii_bus:phy_addr=r8169-0-700:00, irq=MAC)
Jun  7 21:48:03 ash kernel: r8169 0000:07:00.0 enp7s0: Link is Down
Jun  7 21:48:03 ash kernel: warning: `grep' uses wireless extensions whi
ch will stop working for Wi-Fi 7 hardware; use nl80211
Jun  7 21:48:04 ash kernel: (udev-worker) (887) used greatest stack dept
h: 11720 bytes left
Jun  7 21:48:04 ash kernel: iwlwifi 0000:00:14.3: Registered PHC clock:
iwlwifi-PTP, with index: 0
Jun  7 21:48:07 ash kernel: wlp0s20f3: authenticate with **:**:**:**:**:** (local address=**:**:**:**:**:**)
Jun  7 21:48:07 ash kernel: wlp0s20f3: send auth to **:**:**:**:**:** (t
ry 1/3)
Jun  7 21:48:07 ash kernel: wlp0s20f3: authenticated
Jun  7 21:48:07 ash kernel: wlp0s20f3: associate with **:**:**:**:**:**
(try 1/3)
Jun  7 21:48:07 ash kernel: wlp0s20f3: RX AssocResp from **:**:**:**:**:** (capab=0x1111 status=0 aid=5)
Jun  7 21:48:07 ash kernel: wlp0s20f3: associated
Jun  7 21:48:13 ash kernel: Bluetooth: RFCOMM TTY layer initialized
Jun  7 21:48:13 ash kernel: Bluetooth: RFCOMM socket layer initialized
Jun  7 21:48:13 ash kernel: Bluetooth: RFCOMM ver 1.11

Ao usar, sysklogdeu costumava obter todos os logs de informações, mas depois de mudar para syslog-ng, não vejo isso acontecendo?

Alguma razão para isso estar acontecendo?

EDITAR 1:

Detalhes do kernel do sistema:

Linux ash 6.9.3-gentoo #1 SMP PREEMPT_DYNAMIC Mon Jun 3 21:46:01 IST 2024 x86_64 Intel(R) Core(TM) i5-10300H CPU @ 2.50GHz GenuineIntel GNU/Linux

EDITAR 2:

Alterado o loglevel padrão do kernel para 6 na configuração do grub, logs após a inicialização indicando que o loglevel está explicitamente definido:

dmesg -l info
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-6.9.3-gentoo root=PARTUUID=4a5f5d65-81be-e24d-bedc-aeb2f0b24295 ro loglevel=6 i8042.nopnp mmio_stale_data=full libata.noacpi=1 resume=PARTUUID=c302ea25-d8e2-064e-8ebd-c79276fad2cc drm.edid_firmware=edid/1920x1080_BOE08E8.bin nvidia-drm.modeset=1

Mas ainda assim o problema persiste, não vejo nenhum log do kernel correspondente ao info loglevel.

Surpreendentemente, o nível de log não está definido,

Se eu fizer um cat /proc/sys/kernel/printk, vejo a seguinte saída,

1       4       1       7

O nível de log padrão indicado pelo primeiro número inteiro na saída acima ainda é 1.

2 respostas

Voted

bazsi77 · Answer 1 · 2024-06-09T20:38:20+08:00

bazsi77

2024-06-09T20:38:20+08:002024-06-09T20:38:20+08:00

Talvez o sysklogd defina o nível de log do kernel automaticamente, enquanto o syslog-ng não.

https://linuxconfig.org/introduction-to-the-linux-kernel-log-levels

Você pode reconfigurá-los em /proc/sys/kernel/printk

klogd parece ajustar os níveis de log do kernel: https://linux.die.net/man/8/klogd

0

Sai Chaithanya · Answer 2 · 2024-06-11T22:15:11+08:00

Os logs do kernel são enviados para /proc/kmsg. Definir uma nova fonte neste arquivo e redirecionar esses logs para um destino personalizado resolveu o problema.

source kern_src { file("/proc/kmsg"); };
filter kern_f { level(debug..emerg) and facility(kern); };
destination kern_dst { file("/var/log/kern.log"); };
log { source(kern_src); filter(kern_f); destination(kern_dst); };

Arquivo de configuração syslog-ng atualizado daquele postado na pergunta.

    @version: 4.7
#
# Syslog-ng default configuration file for Gentoo Linux

# https://bugs.gentoo.org/426814
@include "scl.conf"

options {
    threaded(yes);
    chain_hostnames(no);

    # The default action of syslog-ng is to log a STATS line
    # to the file every 10 minutes.  That's pretty ugly after a while.
    # Change it to every 12 hours so you get a nice daily update of
    # how many messages syslog-ng missed (0).
    stats(freq(43200));
    # The default action of syslog-ng is to log a MARK line
    # to the file every 20 minutes.  That's seems high for most
    # people so turn it down to once an hour.  Set it to zero
    # if you don't want the functionality at all.
    mark_freq(3600);
};

source src { system(); internal(); };
source kern_src { file("/proc/kmsg"); };

destination messages { file("/var/log/messages"); };
destination kern_dst { file("/var/log/kern.log"); };
destination auth_dst { file("/var/log/auth.log"); };
destination mail_dst { file("/var/log/mail.log"); };

filter kern_f { level(debug..emerg) and facility(kern); };
filter auth_f { level(debug..emerg) and facility(auth) and facility(authpriv); };
filter mail_f { level(debug..emerg) and facility(mail); };
filter default_f { level(debug..emerg) and not (facility(mail)) and not (facility(auth)) and not (facility(kern)); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); filter(default_f); destination(messages); };
log { source(src); filter(auth_f); destination(auth_dst); };
log { source(src); filter(kern_f); destination(kern_dst); };
log { source(src); filter(mail_f); destination(mail_dst); };
log { source(kern_src); filter(kern_f); destination(kern_dst); };
log { source(src); destination(console_all); };

syslog-ng não registra logs de nível de informação

Você pode passar usuário/passar para autenticação básica HTTP em parâmetros de URL?