#StackBounty: #boot #logs #rsyslog #dmesg how are early logs logged in rsysylog, when rsysylog is not yet running?

Bounty: 150

I am using rsyslog on Debian Buster.

I am using old-style sysvinit, not systemd. rsyslog is started late in the init startup sequence, after most init scripts have run.

The dmesg messages during boot process and other early log messages from other startup scripts that ran before rsyslog was started, are not lost. rsyslog will log them immediately when it starts.

Where were these messages stored, when rsyslog was not running ?

Can I clear this "cache" before I start rsyslog, so that the early boot message are not logged ?

Or, even better, can I filter them out, so that they are logged into main syslog file:

*.*    -/var/log/syslog

but not logged into another:

*.*    |/dev/xconsole

UPDATE AND CLARIFICATION

I realized it might not be entirely clear what problem I am trying to solve. So here is some clarification of the situation:

In addition to standard syslog logging (ie, /var/log/syslog), I am also logging the same info to /dev/xconsole, and when I am logged in my desktop session as user, I have terminal on background with following command:

cat /dev/xconsole

that way, I can immediately see new logs appearing in my background. Also, unlike regular file, /dev/xconsole is emptied after it has been read. So when i log out, and log back in again, I don’t see old messages, but only new ones.

Now, the problem is that after boot, there is so much logs in the kernel buffer, that when rsyslog starts, it fills up the whole capacity of /dev/xconsole with useless debugging early boot info.

And I am mostly interested in the late stage boot messages, and these are missing. Only after I cat /dev/xconsole for the first time, do I free up the space, and new messages can come.

I added this ugly hack in /etc/rsyslog.conf:

:msg, startswith, "[    "              stop
*.*    |/dev/xconsole

This basically discards all early messages that start with single digit second counter [ 0.000000], but accept all later messages, ie [ 14.348189]

This works, but I consider it dirty workaround.

So, how can I get rid of the early boot messages that I am not interested in, and log the useful init boot script messages?


Get this bounty!!!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.