<div dir="ltr">Hi,<br><br>Recently I stopped getting any messages in /var/log/messages (and probably some other files as well). Basic tests I could think of all check out OK (see below). Any ideas what I should check next?<br>
Using sysklogd+klogd 1.5 on Debian (unstable).<br><br>1) /etc/syslogd.conf is debian's standard, seems to support /var/log/messages (as ever):<br>(some comment lines truncated)<br>-------><br>#<br>auth,authpriv.* /var/log/auth.log<br>
*.*;auth,authpriv.none -/var/log/syslog<br>#cron.* /var/log/cron.log<br>daemon.* -/var/log/daemon.log<br>kern.* -/var/log/kern.log<br>lpr.* -/var/log/lpr.log<br>
mail.* -/var/log/mail.log<br>user.* -/var/log/user.log<br>#<br><a href="http://mail.info">mail.info</a> -/var/log/<a href="http://mail.info">mail.info</a><br>mail.warn -/var/log/mail.warn<br>
mail.err /var/log/mail.err<br>#<br>news.crit /var/log/news/news.crit<br>news.err /var/log/news/news.err<br>news.notice -/var/log/news/news.notice<br>#<br>*.=debug;\<br> auth,authpriv.none;\<br>
news.none;mail.none -/var/log/debug<br>*.=info;*.=notice;*.=warn;\<br> auth,authpriv.none;\<br> cron,daemon.none;\<br> mail,news.none -/var/log/messages<br>#<br>*.emerg *<br>#<br>#daemon,mail.*;\<br>
# news.=crit;news.=err;news.=notice;\<br># *.=debug;*.=info;\<br># *.=notice;*.=warn /dev/tty8<br>#<br>daemon.*;mail.*;\<br> news.err;\<br> *.=debug;*.=info;\<br> *.=notice;*.=warn |/dev/xconsole<br>
<br><------<br><br>2) syslogd is running, and has some log files open (but not /var/log/messages and friends!)<br><br>~# ls -al /proc/`ps -C syslogd -o pid=`/fd<br>total 0<br>dr-x------ 2 root root 0 Jun 9 14:20 .<br>
dr-xr-xr-x 7 root root 0 Jun 9 14:19 ..<br>lrwx------ 1 root root 64 Jun 9 14:20 0 -> socket:[1007451]<br>l-wx------ 1 root root 64 Jun 9 14:20 1 -> /var/log/auth.log<br>l-wx------ 1 root root 64 Jun 9 14:20 10 -> /var/log/mail.err<br>
l-wx------ 1 root root 64 Jun 9 14:20 11 -> /var/log/news/news.crit<br>l-wx------ 1 root root 64 Jun 9 14:20 12 -> /var/log/news/news.err<br>l-wx------ 1 root root 64 Jun 9 14:20 13 -> /var/log/news/news.notice<br>
l-wx------ 1 root root 64 Jun 9 14:20 2 -> /var/log/syslog<br>l-wx------ 1 root root 64 Jun 9 14:20 3 -> /var/log/daemon.log<br>l-wx------ 1 root root 64 Jun 9 14:20 4 -> /var/log/kern.log<br>l-wx------ 1 root root 64 Jun 9 14:20 5 -> /var/log/lpr.log<br>
l-wx------ 1 root root 64 Jun 9 14:20 6 -> /var/log/mail.log<br>l-wx------ 1 root root 64 Jun 9 14:20 7 -> /var/log/user.log<br>l-wx------ 1 root root 64 Jun 9 14:20 8 -> /var/log/<a href="http://mail.info">mail.info</a><br>
l-wx------ 1 root root 64 Jun 9 14:20 9 -> /var/log/mail.warn<br><br><br>3) log files exist, and seem to have the same permissions as the working ones:<br> <br>~$ ls -alt `cat /etc/syslog.conf | awk '(substr($1,1,1)!="#" && $2!="") {sub("-","",$2); if ($2 ~ /^\/var/) print $2}'`<br>
-rw-r----- 1 root adm 8025 Jun 9 15:02 /var/log/syslog<br>-rw-r----- 1 root adm 87932 Jun 9 15:02 /var/log/auth.log<br>-rw-r----- 1 root adm 161406 Jun 9 14:19 /var/log/kern.log<br>-rw-r----- 1 root adm 62494 Jun 9 14:00 /var/log/daemon.log<br>
-rw-r----- 1 root adm 23295 Jun 9 08:07 /var/log/user.log<br>-rw-r----- 1 root adm 0 Jun 3 08:19 /var/log/debug<br>-rw-r----- 1 root adm 0 Jun 3 08:19 /var/log/messages<br>-rw-r----- 1 root adm 0 Apr 18 06:57 /var/log/<a href="http://mail.info">mail.info</a><br>
-rw-r----- 1 root adm 0 Apr 18 06:57 /var/log/mail.log<br>-rw-r----- 1 root adm 0 Apr 18 06:57 /var/log/mail.err<br>-rw-r----- 1 root adm 0 Apr 18 06:57 /var/log/mail.warn<br>-rw-r----- 1 root adm 0 Nov 25 2007 /var/log/lpr.log<br>
-rw-r----- 1 root adm 0 Feb 20 2005 /var/log/news/news.crit<br>-rw-r----- 1 root adm 0 Feb 20 2005 /var/log/news/news.err<br>-rw-r----- 1 root adm 0 Feb 20 2005 /var/log/news/news.notice<br><br>4) Removing and reinstalling the sysklogd package did not help.<br>
<br>5) Google found some similar problem reports, but they all turned out to be either filesize overflow (have plenty of place on the /var/ partition btw), or crashed daemon.<br><br>What next?<br><br> thanks,<br> AA<br>
<br></div>