KLOGD(8)

klogd - Kernel Log Daemon

klogd [ -c n ] [ -d ] [ -f fname ] [ -iI ] [ -n ] [ -o ] [ -p ] [ -s ] [ -k fname ] [ -v ] [ -x ] [ -2 ]

klogd is a system daemon which intercepts and logs Linux kernel messages.

-c n Sets the default log level of console messages to n.
-d Enable debugging mode. This will generate LOTS of output to stderr.
-f file Log messages to the specified filename rather than to the syslog facility.
-i -I Signal the currently executing klogd daemon. Both of these switches control the loading/reloading of symbol information. The -i switch signals the daemon to reload the kernel module symbols. The -I switch signals for a reload of both the static kernel symbols and the kernel module symbols.
-n No auto-backgrounding. Use this when klogd is started and controlled by init(8).
-o One-shot mode: read and log the kernel messages, then exit.
-p Paranoia mode. Causes klogd to load the kernel module symbol information whenever an Oops string is detected in the kernel message stream.
-s Force use of the system call interface to the kernel message buffers.
-k file Use the specified file as the source of kernel symbol information.
-x Omits address to symbol translation and doesn't read the System.map file.
-2 When symbols are expanded, print the line twice: once with addresses converted to symbols, once with the raw text. This allows external programs such as ksymoops to do their own processing on the original data.
-v Print version and exit.

In Linux there are two potential sources of kernel log information: the /proc file system and the syscall (sys_syslog) interface. klogd chooses whichever source of information is the most appropriate. If the /proc file system is found, the /proc/kmsg file is used as the source of kernel log information. If not, klogd uses a system call to obtain kernel messages. The -s switch forces use of the system call interface.

If kernel messages are directed through the syslogd daemon, the klogd daemon has the ability to properly prioritize kernel messages.

The raw kernel messages are of the form:

<[0-7]>Something said by the kernel.

The priority of the kernel message is encoded as a single numeric digit enclosed inside the <> pair. The definitions of these values are given in the kernel include file kernel.h. When a message is received from the kernel, the klogd daemon reads this priority level and assigns the appropriate priority level to the syslog message. If file output (-f) is used, the prioritization sequence is left prepended to the kernel message.

klogd can alter which kernel messages are presented on the system console. Along with the prioritization of kernel messages came default messaging levels for the kernel. The default console log level is 7. Any messages with a priority level numerically lower than 7 (higher priority) appear on the console.

Messages of priority level 7 are considered to be 'debug' messages and will not appear on the console. All kernel messages can instead be handled by klogd and either directed to a file or to the syslogd daemon.

-c inhibits kernel messages from being displayed on the console, except those selected by its argument. The argument specifies the priority level of messages which will be directed to the console. Messages of a priority value LOWER than the indicated number will be directed to the console.

For example, to have the kernel display all messages with a priority level of 3 (KERN_ERR) or more severe, the following command would be executed:

klogd -c 4

The priority definitions are in /usr/include/linux/kernel.h; the corresponding syslog definitions are in the /usr/include/sys sub-directory.
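
The priority prefix and the -c console rule described above, as an added example (not part of the original man page or of klogd's source): a small C parser for the <N> prefix, applied to constructed sample lines. The function names and the treatment of lines without a valid prefix are assumptions of this example; the KERN_* names other than KERN_ERR come from the kernel headers, not from this page.

```c
#include <stdio.h>
#include <string.h>

/* Index = digit inside <>; names as used in the kernel headers. */
static const char *const LEVEL_NAME[8] = {
    "KERN_EMERG", "KERN_ALERT", "KERN_CRIT", "KERN_ERR",
    "KERN_WARNING", "KERN_NOTICE", "KERN_INFO", "KERN_DEBUG"
};
/* Constructed sample lines (not captured from a real system). */
static const char *const SAMPLE[] = {
    "<6>eth0: link up", "<3>EXT2-fs error: bad block",
    "<4>disk change detected", "<7>probe: debug detail",
    "<0>Kernel panic: constructed example", "<8>digit outside 0-7",
    "line with no priority prefix",
};
#define NSAMPLE (sizeof SAMPLE / sizeof SAMPLE[0])

/* Parse "<N>text": return N (0-7) and point *text past the prefix,
 * or return -1 and leave *text at the start of the line. */
int parse_kmsg(const char *line, const char **text)
{
    if (line[0] == '<' && line[1] >= '0' && line[1] <= '7' && line[2] == '>') {
        *text = line + 3;
        return line[1] - '0';
    }
    *text = line;
    return -1;
}

/* Console rule from the page: a message appears only if its priority
 * value is LOWER than the level given to -c. Lines without a valid
 * prefix (prio < 0) are treated as not shown in this example. */
int shown_on_console(int prio, int console_level)
{
    return prio >= 0 && prio < console_level;
}

int main(void)
{
    const char *text;
    for (size_t i = 0; i < NSAMPLE; i++) {
        int p = parse_kmsg(SAMPLE[i], &text);
        printf("%-12s console(-c 4)=%d  %s\n",
               p < 0 ? "(no prefix)" : LEVEL_NAME[p], shown_on_console(p, 4), text);
    }
    return 0;
}
```

With -c 4 only the priority 3 and priority 0 sample lines are marked as reaching the console, which matches the "LOWER than the indicated number" rule.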

To read all the kernel messages after a system boot, record them in a file called krnl.msg, and exit:

klogd -o -f ./krnl.msg

KERNEL ADDRESS RESOLUTION

If the kernel detects an internal error condition a general protection fault will be triggered. As part of the procedure the kernel records a status report indicating the state of the processor at the time of the fault. Included in this display are the registers, the kernel stack and a tracing of functions. A listing of the address locations of important variables and functions is in System.map.

The process of resolving the numeric addresses from the protection fault printout can be done manually or by using ksymoops.

klogd attempts to resolve kernel numeric addresses to their symbolic forms if a kernel symbol table is available at execution time. -2 preserves the numeric address.
A symbol table may be specified by using -k. Default locations: /boot/System.map, /System.map, /usr/src/linux/System.map.

klogd has support for loadable modules.

-i and -I are used to signal the currently executing daemon that symbol information should be reloaded.

klogd -i

-p ensures that module symbol information is up to date. This instructs klogd to reload the module symbol information whenever a protection fault is detected.
Invoking klogd in 'paranoid' mode is problematic since the stability of the kernel and the operating environment is under question when a protection fault occurs. Since klogd executes system calls to read the module symbol information, the system may be too unstable to capture useful information.
A better policy is to ensure that klogd is updated whenever a module is loaded or unloaded.

The insmod, rmmod and modprobe utilities signal klogd when a module is inserted or removed from the kernel.

SIGNAL HANDLING

INT, KILL, TERM and HUP cause klogd to close its kernel log sources and terminate gracefully.

TSTP and CONT start and stop kernel logging. On TSTP the daemon will close its log sources and enter an idle loop. CONT will cause the daemon to go through its initialization sequence and re-choose an input source. For example, if the /proc file system is to be un-mounted:

# kill -TSTP pid
# umount /proc
# kill -CONT pid

The system logs will include LOG_INFO priority messages documenting the start/stop of logging.

USR1 will cause the kernel module symbols to be reloaded. USR2 will cause both the static kernel symbols and the kernel module symbols to be reloaded.

FILES

/proc/kmsg One source for kernel messages for klogd.
/var/run/klogd.pid The file containing the process id of klogd.
/boot/System.map, /System.map, /usr/src/linux/System.map Default locations for kernel system maps.

Version 1.4 21 August, 1999 KLOGD(8)