The install guide, chapter 10 Installing Necessary System Tools, recommends syslog-ng. The log produced by syslog-ng, at least by default, does not work with ksymoops. [And unfortunately I am getting oopses from a totally vanilla 2.4.25 kernel.] Either the default config for syslog-ng should be changed, or ch 10 should recommend sysklogd, or at least this incompatibility should be pointed out in ch 10. Reproducible: Always Steps to Reproduce: 1. see ch 10. 2. 3. Actual Results: n/a Expected Results: n/a workaround: replace machine name "foo" with "foo kernel:" in /var/log/messages and run ksymoops on that.
ksymoops v2.4 works (or should work) with syslog-ng. The necessary changes for this have been incorporated in 2.4.4 so if it fails again please consider it a bug in ksymoops. Also, not many users ever run ksymoops; recommending ksyslogd in favor of syslog-ng even though syslog-ng is more performant and has more features + has a nice default configuration is imho not a wise thing to do
ksymoops 2.4.9 does in fact not work with syslog-ng 1.6.0_rc3-r1. If I can figure out how, I will attach a log excerpt so that you may observe this for yourself. The whole point of a distribution is to select and/or configure the software so that it works together. Gentoo ksymoops and Gentoo syslog-ng do not. A fix in syslog-ng.conf: change pipe("/proc/kmsg") to pipe("/proc/kmsg" log_prefix("kernel: ")) A fix in ksymoops would need to fix the syslog-ng line in oops.c, currently "|[0-9]+\\|[^|]+\\|[^|]+\\|[^|]+\\|" /* syslog-ng */ which looks nothing like the log lines produced by the default config, they look like this Mar 12 23:46:11 foxboro Unable to handle kernel NULL pointer dereference at virtual address 00000004 I agree there's no reason to disrecommend syslog-ng, it can cope fine. I have fixed my installation. What to do about fixing Gentoo I leave to you.
Created attachment 27507 [details] /var/log/messages excerpt, from syslog-ng As is, ksymoops does not parse the oops messages. Replace 'foxboro' with 'foxboro kernel:' and ksymoops works fine.
I can't do much testing without symbolmap and such, but what's the exact error you receive when you run ksymoops now? Anyway, reassigning to Michael as he's in charge of syslog-ng so he should be able to make better decisions (and update the default config :)
Created attachment 27534 [details] ksymoops operating on attached excerpt, wrong & right versions Thanks Sven. Here is what ksymoops does on the unmodified syslog-ng log and on the same thing with "kernel: " added.
Sent email to Keith Owens with a suggested change to ksymoops to handle the default syslog-ng output.
This bug is fixed in ksymoops-2.4.10.ebuild which is in portage now.
