I tried to search this in many places and also documents/man pages of openlog(), syslog(0, rsyslogd(8) but couldn't find answer for this.
My question is, if rsyslogd is stopped or not yet started, then do the new syslog messages get lost? Or rsyslogd fetches them from /dev/log later when it's enabled?
My test is:
On a running system, rsyslog is running. Now, do the following:
- logger -p local7.notice "my custom message1"
- grep message1 | /var/log/messages ----> Success
- Stop rsyslogd process
- logger -p local7.notice "My other custom message2"
- now, start the rsyslogd daemon
- grep message2 | /var/log/messages ----> FAIL
I understand from openlog(3) and syslog(3) man pages that a socket is opened for /dev/log file and if there is an error while sending the message to syslog (as rsyslogd is not running) then the connection is closed (and message is printed on console/stderror if you have used LOG_CONS/LOG_PERROR).
Could anybody please tell me:
- Is there any way rsyslogd to get all those messages came in absence of it in syslog file when it comes up?
- If not by default, is there any syscall, command,etc.etc.way to do that??
Thank you in advance.
-Neo
