<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;">Connect to syslogd with strace:<div><br></div><div>strace -p syslogd_pid</div><div><br></div><div>And then "provoke" a message that should go to /var/log/messages.</div><div>strace will show you what syslogd does.</div><div>Maybe it will reveal the cause of the problem.</div><div><br></div><div>Valery</div><div><br></div><div><br>--- On <b>Wed, 6/9/10, Amit Aronovitch <i><aronovitch@gmail.com></i></b> wrote:<br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"><br>From: Amit Aronovitch <aronovitch@gmail.com><br>Subject: problems with syslogd<br>To: "Linux-IL" <linux-il@cs.huji.ac.il><br>Date: Wednesday, June 9, 2010, 3:14 PM<br><br><div id="yiv2008309561"><div dir="ltr">Hi,<br><br>Recently I stopped getting any messages in
/var/log/messages (and probably some other files as well). Basic tests I could think of all check out OK (see below). Any ideas what I should check next?<br>
Using sysklogd+klogd 1.5 on Debian (unstable).<br><br>1) /etc/syslogd.conf is Debian's standard, seems to support /var/log/messages (as ever):<br>(some comment lines truncated)<br>-------><br>#<br>auth,authpriv.* /var/log/auth.log<br>
*.*;auth,authpriv.none -/var/log/syslog<br>#cron.* /var/log/cron.log<br>daemon.* -/var/log/daemon.log<br>kern.* -/var/log/kern.log<br>lpr.* -/var/log/lpr.log<br>
mail.* -/var/log/mail.log<br>user.* -/var/log/user.log<br>#<br>mail.info -/var/log/mail.info<br>mail.warn -/var/log/mail.warn<br>
mail.err /var/log/mail.err<br>#<br>news.crit /var/log/news/news.crit<br>news.err /var/log/news/news.err<br>news.notice -/var/log/news/news.notice<br>#<br>*.=debug;\<br> auth,authpriv.none;\<br>
news.none;mail.none -/var/log/debug<br>*.=info;*.=notice;*.=warn;\<br> auth,authpriv.none;\<br> cron,daemon.none;\<br> mail,news.none -/var/log/messages<br>#<br>*.emerg *<br>#<br>#daemon,mail.*;\<br>
# news.=crit;news.=err;news.=notice;\<br># *.=debug;*.=info;\<br># *.=notice;*.=warn /dev/tty8<br>#<br>daemon.*;mail.*;\<br> news.err;\<br> *.=debug;*.=info;\<br> *.=notice;*.=warn |/dev/xconsole<br>
<br><------<br><br>2) syslogd is running, and has some log files open (but not /var/log/messages and friends!)<br><br>~# ls -al /proc/`ps -C syslogd -o pid=`/fd<br>total 0<br>dr-x------ 2 root root 0 Jun 9 14:20 .<br>
dr-xr-xr-x 7 root root 0 Jun 9 14:19 ..<br>lrwx------ 1 root root 64 Jun 9 14:20 0 -> socket:[1007451]<br>l-wx------ 1 root root 64 Jun 9 14:20 1 -> /var/log/auth.log<br>l-wx------ 1 root root 64 Jun 9 14:20 10 -> /var/log/mail.err<br>
l-wx------ 1 root root 64 Jun 9 14:20 11 -> /var/log/news/news.crit<br>l-wx------ 1 root root 64 Jun 9 14:20 12 -> /var/log/news/news.err<br>l-wx------ 1 root root 64 Jun 9 14:20 13 -> /var/log/news/news.notice<br>
l-wx------ 1 root root 64 Jun 9 14:20 2 -> /var/log/syslog<br>l-wx------ 1 root root 64 Jun 9 14:20 3 -> /var/log/daemon.log<br>l-wx------ 1 root root 64 Jun 9 14:20 4 -> /var/log/kern.log<br>l-wx------ 1 root root 64 Jun 9 14:20 5 -> /var/log/lpr.log<br>
l-wx------ 1 root root 64 Jun 9 14:20 6 -> /var/log/mail.log<br>l-wx------ 1 root root 64 Jun 9 14:20 7 -> /var/log/user.log<br>l-wx------ 1 root root 64 Jun 9 14:20 8 -> /var/log/mail.info<br>
l-wx------ 1 root root 64 Jun 9 14:20 9 -> /var/log/mail.warn<br><br><br>3) log files exist, and seem to have the same permissions as the working ones:<br> <br>~$ ls -alt `cat /etc/syslog.conf | awk '(substr($1,1,1)!="#" && $2!="") {sub("-","",$2); if ($2 ~ /^\/var/) print $2}'`<br>
-rw-r----- 1 root adm 8025 Jun 9 15:02 /var/log/syslog<br>-rw-r----- 1 root adm 87932 Jun 9 15:02 /var/log/auth.log<br>-rw-r----- 1 root adm 161406 Jun 9 14:19 /var/log/kern.log<br>-rw-r----- 1 root adm 62494 Jun 9 14:00 /var/log/daemon.log<br>
-rw-r----- 1 root adm 23295 Jun 9 08:07 /var/log/user.log<br>-rw-r----- 1 root adm 0 Jun 3 08:19 /var/log/debug<br>-rw-r----- 1 root adm 0 Jun 3 08:19 /var/log/messages<br>-rw-r----- 1 root adm 0 Apr 18 06:57 /var/log/mail.info<br>
-rw-r----- 1 root adm 0 Apr 18 06:57 /var/log/mail.log<br>-rw-r----- 1 root adm 0 Apr 18 06:57 /var/log/mail.err<br>-rw-r----- 1 root adm 0 Apr 18 06:57 /var/log/mail.warn<br>-rw-r----- 1 root adm 0 Nov 25 2007 /var/log/lpr.log<br>
-rw-r----- 1 root adm 0 Feb 20 2005 /var/log/news/news.crit<br>-rw-r----- 1 root adm 0 Feb 20 2005 /var/log/news/news.err<br>-rw-r----- 1 root adm 0 Feb 20 2005 /var/log/news/news.notice<br><br>4) Removing and reinstalling the sysklogd package did not help.<br>
<br>5) Google found some similar problem reports, but they all turned out to be either filesize overflow (have plenty of place on the /var/ partition btw), or crashed daemon.<br><br>What next?<br><br> thanks,<br> AA<br>
<br></div>
</div><br></blockquote></div></td></tr></table><br>
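
The comparison made by hand in steps 1 and 2 of the quoted message (file destinations named in the config versus files syslogd actually holds open) can be scripted. This is an added example, not part of either message: the function names and the sample data are constructed, and the handling of comment and continuation lines is an assumption about sysklogd-style configs.

```shell
#!/bin/sh
# configured_logs CONF: file paths used as actions in a sysklogd-style config.
# Assumption: comments are dropped per line, then "\"-continued lines are joined.
configured_logs() {
    awk '{
        sub(/^[ \t]+/, "")
        if ($0 == "" || $0 ~ /^#/) next
        sub(/[ \t]+$/, "")
        if ($0 ~ /\\$/) { buf = buf substr($0, 1, length($0) - 1); next }
        n = split(buf $0, f, /[ \t]+/); buf = ""
        if (n < 2) next
        a = f[n]; sub(/^-/, "", a)   # leading "-" only turns off sync
        if (a ~ /^\//) print a       # skips "*", "|pipe" and "@host"
    }' "$1" | LC_ALL=C sort -u
}
# open_logs FD_DIR: targets of the symlinks in a /proc/PID/fd directory.
open_logs() {
    for fd in "$1"/*; do
        if [ -L "$fd" ]; then readlink "$fd"; fi
    done
}
# missing_logs CONF FD_DIR: configured files the daemon does not have open.
missing_logs() {
    open=$(open_logs "$2")
    configured_logs "$1" | while IFS= read -r path; do
        printf '%s\n' "$open" | grep -Fxq -- "$path" || printf '%s\n' "$path"
    done
}
# Constructed sample: rules trimmed from the post plus a fake fd directory.
demo() {
    d=$(mktemp -d)
    cat > "$d/syslog.conf" <<'EOF'
auth,authpriv.*         /var/log/auth.log
*.*;auth,authpriv.none  -/var/log/syslog
#cron.*                 /var/log/cron.log
*.=debug;\
    news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
    mail,news.none      -/var/log/messages
*.emerg                 *
EOF
    mkdir "$d/fd"
    ln -s 'socket:[1007451]' "$d/fd/0"
    ln -s /var/log/auth.log "$d/fd/1"; ln -s /var/log/syslog "$d/fd/2"
    missing_logs "$d/syslog.conf" "$d/fd"
    rm -rf "$d"
}
demo
```

Against a live daemon, run it as root with the real paths, e.g. `missing_logs /etc/syslog.conf /proc/PID/fd`. Applied to the two listings in the quoted message, the files it would report are /var/log/debug and /var/log/messages, the two file rules written with `\` continuation lines.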