[CentOS] rsyslog does not log on a separate partition/FS mounted on /var/log/

Thu Aug 7 09:48:48 UTC 2014
Arun Khan <knura9 at gmail.com>

SOLVED

On Wed, Aug 6, 2014 at 10:28 PM, James A. Peltier <jpeltier at sfu.ca> wrote:
> ----- Original Message -----
> | On Wed, Aug 06, 2014 at 04:50:41PM +0000, Tony Mountifield wrote:
> | >
> | > Probably rsyslog is being started before /var/log is mounted, and
> | > so it
> | > is opening files within /var/log on the root device.
> |
> | rsyslog should start after local mounts are finished.
> |
> | I suspect it's selinux; /var/log should have a "var_log_t" context
> | and I
> | suspect it doesn't.
>
> running a restorecon -vv on /var/log should correct that automatically I would think.
>

I had suspected SElinux and have it disabled still rsyslogd was not
logging on the new device mounted on /var/log/

***  restorecon -vv /var/log does the trick! ***

@ James A. Peltier Thank you!

FWIW - here are the steps

1. service rsyslog stop
2. mount <new var log device> /mnt/
3. rsync -aP /var/log/ /mnt/
4. rm -fr /var/log/*
5. umount /mnt
6. mount <new var log device> /var/log/  (also make change to /etc/fstab)
7. restorecon -vv /var/log   <<< the solution
8. service rsyslog start.
9. logger "this is a test"
10. tail /var/log/messages to verify that indeed the logger string was logged.

-- Arun Khan