On 2014-08-06, John R. Dennison <jrd@gerdesas.com> wrote:
On Wed, Aug 06, 2014 at 04:50:41PM +0000, Tony Mountifield wrote:
Probably rsyslog is being started before /var/log is mounted, and so it is opening files within /var/log on the root device.
rsyslog should start after local mounts are finished.
I suspect it's SELinux; /var/log should have a "var_log_t" context and I suspect it doesn't.
But would that explain why, when the OP umounts /var/log, the latest logs have been written to /var/log/messages on the / filesystem?
It certainly can't hurt to check both cases: make sure rsyslog is starting after the proper filesystem with /var/log is mounted, and check the SELinux contexts to make sure they're correct.
--keith
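
The two checks suggested in this thread, as an added example that is not part of the original messages: it flags descriptors a daemon holds under /var/log that no longer match the file visible at that path (the symptom of opening logs before the mount), and extracts the SELinux type to compare with var_log_t. It assumes Linux /proc, GNU stat and root privileges; the function names and the `--run` switch are hypothetical.

```shell
#!/bin/bash
# Added example; assumes Linux /proc and GNU stat, run as root on the affected host.

# Print "device:inode" for a path, following symlinks (so /proc/PID/fd/N works).
file_id() { stat -L -c '%d:%i' -- "$1" 2>/dev/null; }

# True when both paths resolve to the same file on the same filesystem.
same_file() {
    local a b
    a=$(file_id "$1") || return 1
    b=$(file_id "$2") || return 1
    [ "$a" = "$b" ]
}

# Extract the type field from an SELinux context (user:role:type:level).
selinux_type() { printf '%s\n' "$1" | cut -d: -f3; }

# List descriptors of PID under /var/log whose open file is not the file
# currently visible at that path, e.g. opened before /var/log was mounted
# (a rotated or deleted file is reported the same way).
stale_log_fds() {
    local pid=$1 fd target
    for fd in /proc/"$pid"/fd/*; do
        target=$(readlink "$fd") || continue
        case $target in /var/log/*) ;; *) continue ;; esac
        same_file "$fd" "$target" ||
            printf 'stale: fd %s -> %s\n' "${fd##*/}" "$target"
    done
}

# Hypothetical switch: only touch the live system when asked to.
if [ "${1:-}" = "--run" ]; then
    stale_log_fds "$(pidof rsyslogd)"
    ctx=$(stat -c %C /var/log)   # %C prints the SELinux context
    [ "$(selinux_type "$ctx")" = var_log_t ] ||
        echo "unexpected context on /var/log: $ctx"
fi
```

Any `stale:` line for rsyslogd means it is still writing to a file other than the one now visible at that path, which matches the behaviour described when /var/log is unmounted.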