Does anyone have any idea how to get imuxsock to read kernel messages?
We have been having trouble getting any rule in an imuxsock ruleset to read kernel messages, in particular those from iptables. Without this, ruleset functionality is not available.
Possibly, the difficulty is that imkmsg is absent on our systems and from the latest rsyslog package available from the Adiscon repository (8.2006.0). No obvious means exists to obtain or install this module. Does anyone have this module installed?
imklog permits a standalone rule (i.e., outside an imuxsock ruleset) to capture kernel messages, so at least they're not lost, but again, no ruleset functionality is available.
We have attempted any number of configurations spanning rsyslog.conf, journald.conf, and sysctl.conf, including creating listeners specifically for /dev/kmsg, /proc/kmsg, /dev/log, and /run/systemd/journal/syslog, all without success.
Many thanks for any suggestions.