# kern.log is empty [SOLVED]

## stu_rat

My /var/log/kern.log is empty.  Do I need to enable a parameter in my kernel build to enable the logging?

~ # lsof +D /var/log

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME

syslogd   1686 root    1w   REG   8,10  1463037 418511 /var/log/auth.log

syslogd   1686 root    2w   REG   8,10    76963 394049 /var/log/syslog

syslogd   1686 root    3w   REG   8,10     1832 394119 /var/log/daemon.log

syslogd   1686 root    4w   REG   8,10        0 418991 /var/log/kern.log

syslogd   1686 root    5w   REG   8,10        0 419507 /var/log/lpr.log

syslogd   1686 root    6w   REG   8,10     3882 419517 /var/log/mail.log

syslogd   1686 root    7w   REG   8,10    73547 394163 /var/log/user.log

syslogd   1686 root    8w   REG   8,10        0 419534 /var/log/uucp.log

syslogd   1686 root    9w   REG   8,10        0 419618 /var/log/imapd.log

syslogd   1686 root   10w   REG   8,10     3882 419733 /var/log/mail.info

syslogd   1686 root   11w   REG   8,10     3882 420046 /var/log/mail.warn

syslogd   1686 root   12w   REG   8,10     3882 420509 /var/log/mail.err

syslogd   1686 root   13w   REG   8,10        0 420573 /var/log/news/news.crit

syslogd   1686 root   14w   REG   8,10        0 420608 /var/log/news/news.err

syslogd   1686 root   15w   REG   8,10        0 420617 /var/log/news/news.notice

syslogd   1686 root   16w   REG   8,10    29910 394219 /var/log/debug

syslogd   1686 root   17w   REG   8,10    43529 394290 /var/log/messages

syslogd   1686 root   18w   REG   8,10        0 420697 /var/log/ppp.log

console-k 1705 root    7w   REG   8,10  1139453 435231 /var/log/ConsoleKit/history

snmpd     1942 root    3w   REG   8,10      505 394964 /var/log/net-snmpd.log

X         2046 root    0w   REG   8,10    31665 394035 /var/log/Xorg.0.log

 ~ # cat /etc/syslog.conf 

#  /etc/syslog.conf     Configuration file for syslogd.

#

#                       For more information see syslog.conf(5)

#                       manpage.

#                       This is from Debian, we are using it for now

#                       Daniel Robbins, 5/15/99

#

# First some standard logfiles.  Log by facility.

#

auth,authpriv.*                 /var/log/auth.log

*.*;auth,authpriv.none          -/var/log/syslog

#cron.*                         /var/log/cron.log

daemon.*                        -/var/log/daemon.log

kern.*                          -/var/log/kern.log

lpr.*                           -/var/log/lpr.log

mail.*                          /var/log/mail.log

user.*                          -/var/log/user.log

uucp.*                          -/var/log/uucp.log

local6.debug                    /var/log/imapd.log

#

# Logging for the mail system. Split it up so that

# it is easy to write scripts to parse these files.

#

mail.info                       -/var/log/mail.info

mail.warn                       -/var/log/mail.warn

mail.err                        /var/log/mail.err

# Logging for INN news system

#

news.crit                       /var/log/news/news.crit

news.err                        /var/log/news/news.err

news.notice                     -/var/log/news/news.notice

#

# Some `catch-all' logfiles.

#

*.=debug;auth,authpriv.none;news.none;mail.none -/var/log/debug

*.=info;*.=notice;*.=warn;auth,authpriv.none;cron,daemon.none;mail,news.none -/var/log/messages

#

# Emergencies are sent to everybody logged in.

#

*.emerg                         *

#

# I like to have messages displayed on the console, but only on a virtual

# console I usually leave idle.

#

#daemon,mail.*;\

#       news.=crit;news.=err;news.=notice;\

#       *.=debug;*.=info;\

#       *.=notice;*.=warn       /dev/tty8

# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,

# you must invoke `xconsole' with the `-file' option:

# 

#    $ xconsole -file /dev/xconsole [...]

#

# NOTE: adjust the list below, or you'll go crazy if you have a reasonably

#      busy site..

#

#daemon.*,mail.*;\

#       news.crit;news.err;news.notice;\

#       *.=debug;*.=info;\

#       *.=notice;*.=warn       |/dev/xconsole

local2.*                -/var/log/ppp.logLast edited by stu_rat on Wed Feb 01, 2012 8:48 pm; edited 1 time in total

----------

## Hu

The kernel never writes to that log file.  It writes to an internal ringbuffer, which your system logger should read and copy to the file.  If your logger is misconfigured or if the kernel has been very quiet since your last log rotation, the file will be empty.

----------

## stu_rat

 *Hu wrote:*   

> The kernel never writes to that log file.  It writes to an internal ringbuffer, which your system logger should read and copy to the file.  If your logger is misconfigured or if the kernel has been very quiet since your last log rotation, the file will be empty.

 

I'm not rotating that file; so nothing has been copied to it since I installed Gentoo approx. 9 months ago.  I was alerted to this problem when I recently installed UFW, which also writes to kern.log, and is not doing so.

Thanks for your help.

----------

## wcg

I use sysklogd for a syslog package. The default configuration is

to have klogd read the kernel log buffer and write to syslogd,

which is supposed to read the "facility" (man 3 syslog) as

LOG_KERN and write it to /var/log/kern.log, according to the

"kern.*  -/var/log/kern.log" rule in /etc/syslog.conf.

I found that log rotation was disrupting this somehow,

probably some indeterminacy in the order in which syslogd

and klogd were restarted after rotating the logs.

So I changed /etc/conf.d/sysklogd. Now the command to

start klogd reads

```

KLOGD="-c 3 -f /var/log/kern.log -2"

```

I also commented out the "kern.* -/var/log/kern.log" line in

/etc/syslog.conf.

Now klogd opens /var/log/kern.log itself when klogd starts up,

and kernel messages go there, without klogd opening a

pipe or socket to syslogd first and then having syslogd do

the disk i/o.

If you have sysklogd installed, man klogd to see what the

options to klogd in /etc/conf.d/sysklogd mean. If you have some

other system logger intalled (like syslog-ng), then the options

and division of labor are likely different, and you would need

to read the documentation to see how to proceed.

----------

## stu_rat

This fixed it:

 *wcg wrote:*   

> 
> 
> So I changed /etc/conf.d/sysklogd. Now the command to start klogd reads
> 
> ```
> ...

 

Thanks for your help.

----------

