On Tue, 2013-02-05 at 16:18 -0500, Valdis.Kletnieks@xxxxxx wrote:
> On Wed, 06 Feb 2013 04:43:20 +0800, Jimmy Pan said:
>
> > in fact, i've been always wondering what is the relationship between dmesg
> > and /var/log/message. they diverse a lot...
dmesg is provided by kernel using cat /proc/kmsg.
/proc/kmsg is like any other linux file which supports below file
operations:
from /kernel/printk.c
const struct file_operations kmsg_fops = {
.open = devkmsg_open,
.read = devkmsg_read,
.aio_write = devkmsg_writev,
.llseek = devkmsg_llseek,
.poll = devkmsg_poll,
.release = devkmsg_release,
};
printk dumps it's output in the ring buffer whose size is set using
defconfig CONFIG_LOG_BUF_SHIFT(if 16 => then ring buffer size is 64KB,
and for 17 => 128KB).
This ring buffer is the source for syslog and klogd daemon logs.How it
extracts the buffer depends on the configuration of these deamons.
Call stack:
printk
vprintk_emit
log_store
write to log_buf
log_from_idx used by /proc/kmsg to read the buffer
sylog uses ioctl to work on ring buffers:
case SYSLOG_ACTION_CLOSE: /* Close log */
case SYSLOG_ACTION_OPEN: /* Open log */
case SYSLOG_ACTION_READ: /* Read from log */
case SYSLOG_ACTION_READ_CLEAR:
case SYSLOG_ACTION_READ_ALL:
case SYSLOG_ACTION_CLEAR:
case SYSLOG_ACTION_CONSOLE_OFF:
case SYSLOG_ACTION_CONSOLE_ON:
case SYSLOG_ACTION_CONSOLE_LEVEL:
case SYSLOG_ACTION_SIZE_UNREAD:
case SYSLOG_ACTION_SIZE_BUFFER:
Quoting from
http://askubuntu.com/questions/26237/difference-between-var-log-messages-var-log-syslog-and-var-log-kern-log
Syslog is a standard logging facility. It collects messages of various
programs and services including the kernel, and stores them, depending
on setup, in a bunch of log files typically under /var/log. There are
also possibilities to send the messages to another host over network, to
a serial console, to a database table, etc.
According to my /etc/syslog.conf, default /var/log/kern.log captures
only the kernel's messages of any loglevel; i.e. the output of dmesg.
/var/log/messages instead aims at storing valuable, non-debug and
non-critical messages. This log should be considered the "general system
activity" log.
/var/log/syslog in turn logs everything, except auth related messages.
Other insteresting standard logs managed by syslog
are /var/log/auth.log, /var/log/mail.log.
Regarding your question: if you need solely kernel messages log, use the
kern.log or call dmesg.
>
> What ends up in /var/log/message is some subset (possibly 100%, possibly 0%)
> of what's in dmesg. Where your syslog daemon routes stuff is a local config
> issue - if your syslogd supports it, there's no reason not to dump the iptables
> messages in to /var/log/firewall and the rest of it in /var/log/kernel, or
> any other policy that makes sense for the sysadmin....
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies@xxxxxxxxxxxxxxxxx
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
