# rsyslog won't log kernel messages



## mrtonyg (Mar 21, 2015)

I have installed ryslog: sysutils/rsyslog7 and everything runs well except that kernel messages are not being logged. It's like if they don't exist.

A google search revealed two people complaining about this issue back in 2013.

Apparently the issue persists.

Any advice?


----------



## sidetone (Mar 21, 2015)

Is /var mounted on RAM?


----------



## Oko (Mar 21, 2015)

Don't use rsyslog on BSDs or on anything except Linux! Either use native syslog or if you need something more powerful use sysutils/syslog-ng . rsyslog is just for Linux. I have not looked FreeBSD syslog too closely recently but new version of OpenBSD native syslog damon is perfectly capable of using TCP instead of UDP protocol, using TLS encryption and few other highly sought features.


----------



## mrtonyg (Mar 21, 2015)

sidetone, no /var is not mounted in RAM.

Oko, My issue is that I have a Debian central logging server running rsyslog with TLS encryption and I need the secure connection for the FreeBSD client.

Would sysutils/syslog-ng be compatible with the Debian server running rsyslog?

How would I install the new version of the OpenBSD syslog daemon on FreeBSD?


----------



## Oko (Mar 21, 2015)

You can't install OpenBSD syslog daemon on FreeBSD. It is OpenBSD specific hopefully some of the features will be eventually ported.

If I was you I would firstly read one more time man pages for FreeBSD syslog to make sure that it has support for TLS (I am not sure as I am not using TLS). I am using myself a Debian machine (for legacy reason) as a login server and FreeBSD native syslog has no problem sending log files to native the rsyslog server on Debian. However I am not using TLS encryption. I have played with sysutils/syslog-ng and it has NO problem sending log files to rsyslog. However my personal plan on the long run is to replace rsyslog centralized login server with syslog-ng centralized login server. syslog-ng runs well on Linux (I tested on Red Hat and Debian) unlike rsyslog which is hit an miss on all BSDs. I am not even sure if rsyslog can run on something like HP Unix or Solaris. syslog-ng is really the most portable login product.

For the record FreeNAS (FreeBSD based NAS product) has switched to syslog-ng since release 9.3.


----------



## mrtonyg (Mar 21, 2015)

Thanks Oko, off to installing and configuring syslog-ng!


----------



## mrtonyg (Mar 21, 2015)

Just to update:
syslog-ng works flawlessly as a client communicating with a Debian central logging server running rsyslog with TLS encryption.

Thanks again Oko!


----------



## pvoigt (Mar 22, 2015)

mrtonyg said:


> I have installed ryslog: sysutils/rsyslog7 and everything runs well except that kernel messages are not being logged. It's like if they don't exist.
> 
> A google search revealed two people complaining about this issue back in 2013.
> 
> ...


I am using rsyslog-7.6.7_1 on 10.1-RELEASE (amd64) and I get kernel messages logged like:

```
kern.*  -/var/log/kernel
&  stop
```
Is there something wrong with it or did I not understand your question correctly?

Regards,
Peter


----------



## mrtonyg (Mar 22, 2015)

pvoigt You understood my question properly... rsylog was not logging any kernel messages at all.

I didn't explicitly specify "kern.*" as part of the config, so at this time I don't know if that would have taken care of the issue.

The config I used was taken from one of my Debian machines with changes made for the module name differences between both OSs. The Debian machines running rsyslog had no issues with the config as it was.


----------

