problems with syslogd
Amit Aronovitch
aronovitch at gmail.com
Wed Jun 9 15:14:44 IDT 2010
Hi,
Recently I stopped getting any messages in /var/log/messages (and probably
some other files as well). Basic tests I could think of all check out OK
(see below). Any ideas what I should check next?
Using sysklogd+klogd 1.5 on Debian (unstable).
1) /etc/syslogd.conf is debian's standard, seems to support
/var/log/messages (as ever):
(some comment lines truncated)
------->
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
*.emerg *
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
#
daemon.*;mail.*;\
news.err;\
*.=debug;*.=info;\
*.=notice;*.=warn |/dev/xconsole
<------
2) syslogd is running, and has some log files open (but not
/var/log/messages and friends!)
~# ls -al /proc/`ps -C syslogd -o pid=`/fd
total 0
dr-x------ 2 root root 0 Jun 9 14:20 .
dr-xr-xr-x 7 root root 0 Jun 9 14:19 ..
lrwx------ 1 root root 64 Jun 9 14:20 0 -> socket:[1007451]
l-wx------ 1 root root 64 Jun 9 14:20 1 -> /var/log/auth.log
l-wx------ 1 root root 64 Jun 9 14:20 10 -> /var/log/mail.err
l-wx------ 1 root root 64 Jun 9 14:20 11 -> /var/log/news/news.crit
l-wx------ 1 root root 64 Jun 9 14:20 12 -> /var/log/news/news.err
l-wx------ 1 root root 64 Jun 9 14:20 13 -> /var/log/news/news.notice
l-wx------ 1 root root 64 Jun 9 14:20 2 -> /var/log/syslog
l-wx------ 1 root root 64 Jun 9 14:20 3 -> /var/log/daemon.log
l-wx------ 1 root root 64 Jun 9 14:20 4 -> /var/log/kern.log
l-wx------ 1 root root 64 Jun 9 14:20 5 -> /var/log/lpr.log
l-wx------ 1 root root 64 Jun 9 14:20 6 -> /var/log/mail.log
l-wx------ 1 root root 64 Jun 9 14:20 7 -> /var/log/user.log
l-wx------ 1 root root 64 Jun 9 14:20 8 -> /var/log/mail.info
l-wx------ 1 root root 64 Jun 9 14:20 9 -> /var/log/mail.warn
3) log files exist, and seem to have the same permissions as the working
ones:
~$ ls -alt `cat /etc/syslog.conf | awk '(substr($1,1,1)!="#" && $2!="")
{sub("-","",$2); if ($2 ~ /^\/var/) print $2}'`
-rw-r----- 1 root adm 8025 Jun 9 15:02 /var/log/syslog
-rw-r----- 1 root adm 87932 Jun 9 15:02 /var/log/auth.log
-rw-r----- 1 root adm 161406 Jun 9 14:19 /var/log/kern.log
-rw-r----- 1 root adm 62494 Jun 9 14:00 /var/log/daemon.log
-rw-r----- 1 root adm 23295 Jun 9 08:07 /var/log/user.log
-rw-r----- 1 root adm 0 Jun 3 08:19 /var/log/debug
-rw-r----- 1 root adm 0 Jun 3 08:19 /var/log/messages
-rw-r----- 1 root adm 0 Apr 18 06:57 /var/log/mail.info
-rw-r----- 1 root adm 0 Apr 18 06:57 /var/log/mail.log
-rw-r----- 1 root adm 0 Apr 18 06:57 /var/log/mail.err
-rw-r----- 1 root adm 0 Apr 18 06:57 /var/log/mail.warn
-rw-r----- 1 root adm 0 Nov 25 2007 /var/log/lpr.log
-rw-r----- 1 root adm 0 Feb 20 2005 /var/log/news/news.crit
-rw-r----- 1 root adm 0 Feb 20 2005 /var/log/news/news.err
-rw-r----- 1 root adm 0 Feb 20 2005 /var/log/news/news.notice
4) Removing and reinstalling the sysklogd package did not help.
5) Google found some similar problem reports, but they all turned out to be
either filesize overflow (have plenty of place on the /var/ partition btw),
or crashed daemon.
What next?
thanks,
AA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20100609/6d494827/attachment-0001.html>
More information about the Linux-il
mailing list