Ubuntu 10.04 and RSysLog kernel messages

Categories: Ubuntu; Tags: ubuntu, rsyslog, log, kernel;

Ubuntu 10.04 changes the way rsyslog processes kernel messages, and this causes a problem on certain kernels such as Linode's latest Paravirt. You will see the following error in your kern.log file every time the machine is rebooted or you restart the rsyslogd daemon:

kernel: imklog: Cannot read proc file system, 1.

This bug is described here: https://bugs.launchpad.net/ubuntu/lucid/+source/rsyslog/+bug/523610.

Also, because kernel messages are not logged, you won't be able to use iptables logging or programs like psad, which look for those messages in order to block malicious traffic.

For the moment you can get rid of this error by doing the following trick:

Copy the /etc/init/rsyslog-kmsg.conf from an Ubuntu 9.10 box. (Or you can download it from the end of this post.)

Make a soft link in /etc/init.d to the upstart-job:

ln -s /lib/init/upstart-job /etc/init.d/rsyslog-kmsg

Change $KLogPath in /etc/rsyslog.conf to be /var/run/rsyslog/kmsg (line 17):

sed -i'.original' 's/^\$KLogPath \/proc\/kmsg/\$KLogPath \/var\/run\/rsyslog\/kmsg/' /etc/rsyslog.conf
 
restart rsyslog

Now you should see that your /var/log/kern.log is populated with all the kernel messages.
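
A check for the result of the steps above, as an added example that is not part of the original post: it reads the effective $KLogPath from rsyslog.conf and tests whether the imklog error is still the newest kernel line in kern.log. The function names, return codes and sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check that the $KLogPath workaround took effect.
WANT_KLOG=/var/run/rsyslog/kmsg
ERR='imklog: Cannot read proc file system'   # error text quoted in the post

# Print the effective $KLogPath: the last uncommented directive in the file.
klogpath_of() {
    awk '$1 == "$KLogPath" { v = $2 } END { if (v != "") print v }' "$1"
}

# Return 0 if the newest kernel line in the log is still the imklog error,
# meaning no kernel message has been written since rsyslogd failed.
kernel_log_broken() {
    last=$(grep 'kernel:' "$1" | tail -n 1)
    case "$last" in
        *"$ERR"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# 0 = fix in place, 1 = $KLogPath not changed, 2 = error is still the last line.
check_kmsg_fix() {
    [ "$(klogpath_of "$1")" = "$WANT_KLOG" ] || return 1
    if kernel_log_broken "$2"; then return 2; fi
    return 0
}

# Constructed sample files (not taken from a real host) for an offline run.
make_samples() {
    printf '%s\n' '$ModLoad imklog' '$KLogPath /proc/kmsg' > "$1/before.conf"
    printf '%s\n' '$ModLoad imklog' '#$KLogPath /proc/kmsg' \
        '$KLogPath /var/run/rsyslog/kmsg' > "$1/after.conf"
    printf '%s\n' \
        'May  1 10:00:01 host kernel: imklog: Cannot read proc file system, 1.' \
        > "$1/before.log"
    printf '%s\n' \
        'May  1 10:00:01 host kernel: imklog: Cannot read proc file system, 1.' \
        'May  1 10:07:42 host kernel: [  105.120000] constructed test message' \
        > "$1/after.log"
}

# Stand-alone demo on the constructed samples; on a real host call
# check_kmsg_fix /etc/rsyslog.conf /var/log/kern.log instead.
demo=$(mktemp -d)
make_samples "$demo"
for s in before after; do
    rc=0; check_kmsg_fix "$demo/$s.conf" "$demo/$s.log" || rc=$?
    echo "$s: check_kmsg_fix returned $rc"
done
rm -rf "$demo"
```

A return code of 2 right after the restart only means no kernel message has arrived yet; rerun the check once the kernel has logged something, such as an iptables LOG hit.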

Attachment: rsyslog-kmsg.conf (589 bytes)

Works for me

Thanks, I just ran into this problem while configuring the firewall and this hack worked great. Hope the Linode guys get this fixed soon for new slices.
