<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:Courier New,courier,monaco,monospace,sans-serif;font-size:12pt"><div style="font-family: Courier New,courier,monaco,monospace,sans-serif; font-size: 12pt;">Hi Jay,<br><br>Thanks for the response.<br><br>I tried following command on both servers, and there was nothing coming out:<br><br> restorecon -v /etc/services<br><br>So the /etc/services file should be ok.<br><br>Frank Ling<br> <br><div style="font-family: arial,helvetica,sans-serif; font-size: 13px;"><font face="Tahoma" size="2"><hr size="1"><b><span style="font-weight: bold;">From:</span></b> Jay Leafey <jay.leafey@mindless.com><br><b><span style="font-weight: bold;">To:</span></b> CentOS mailing list <centos@centos.org><br><b><span style="font-weight: bold;">Sent:</span></b> Wednesday, February 11, 2009 9:40:30 PM<br><b><span style="font-weight: bold;">Subject:</span></b> Re:
[CentOS] logs such as messages, boot.log, and kernel contained 0 size<br></font><br>
Frank Ling wrote:<br>> Hi,<br>> <br>> My both CentOS 5 servers have logging problems. Logs such as messages, boot.log, kernel, spooler, and tallylog in /var/log directory are all 0 size.<br>> <br>> The kernel is: Linux 2.6.18-92.1.22.el5 #1 SMP.<br>> <br>> Since the /var/log/messages contained no information it would be impossible to troubleshoot the problem.<br>> <br>> I am very sure both systems have not been hacked by others.<br>> <br>> Sincerely,<br>> <br>> Frank Ling<br>> --------------------------------------------------------------------------<br>> -rw------- 1 root root 0 Feb 8 04:02 messages<br>> -rw------- 1 root root 0 Feb 3 11:04 messages.1<br>> -rw------- 1 root root 0 Jan
25 04:02 messages.3<br>> -rw------- 1 root root 0 Jan 11 04:03 messages.4<br>> -rw------- 1 root root 10 Dec 27 13:00 messages.offset<br>> <br>> -rwx------ 1 root root 0 Feb 11 19:12 kernel<br>> -rwx------ 1 root root 0 Feb 11 16:53 kernel.1<br>> -rwx------ 1 root root 0 Jan 25 04:02 kernel.3<br>> -rwx------ 1 root root 0 Jan 11 04:03 kernel.4<br>> <br>> -rw------- 1 root root 0 Feb 8 04:02 spooler<br>> -rw------- 1 root
root 0 Feb 3 07:51 spooler.1<br>> -rw------- 1 root root 0 Jan 25 04:02 spooler.3<br>> -rw------- 1 root root 0 Jan 11 04:03 spooler.4<br>> <br>> -rw------- 1 root root 0 Jun 24 2008 tallylog<br>> --------------------------------------------------------------------------<br>> <br><br>I've had something similar happen a couple of times after an update. In my case the /etc/services file got it's security context clobbered when some package tried to update it's contents. When logrotate ran, the syslog daemon couldn't open /etc/services because of the error and I ended up with a bunch of empty log files.<br><br>The quickest way to check for this is the command:<br><br>
restorecon -v /etc/services<br><br>If nothing prints out in response, that's not the problem. If it DOES, that might explain it. I have been checking the contexts occasionally to try and trap exactly when it happens. I use:<br><br> restorecon -R -n -v /etc<br><br>which walks through the entire /etc tree looking for contexts to change but just reports any exceptions.<br><br>Just a thought!<br>-- Jay Leafey - Memphis, TN<br><a ymailto="mailto:jay.leafey@mindless.com" href="mailto:jay.leafey@mindless.com">jay.leafey@mindless.com</a><br></div></div></div><br>
</body></html>