I have one CentOS 4.0 server whose /var/log/messages was always empty (0 bytes). I wonder what has been blocking syslog from writing the log.
Other (syslog) log files are fine, only messages.
/etc/syslog.conf:
    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    *.info;mail.none;authpriv.none;cron.none;spampd.none -/var/log/messages
.thanks
How is the selinux stuff on /var/log/messages?
    # ll -Z /var/log/messages
    -rw-------  root root system_u:object_r:var_log_t /var/log/messages
-Andy
On 26/06/07 13:40 +0100, Andy Green wrote:
How is the selinux stuff on /var/log/messages?
    # ll -Z /var/log/messages
    -rw-------  root root system_u:object_r:var_log_t /var/log/messages
I did not enable SELinux stuff (SELINUX=disabled)
    root# ll -Z /var/log/messages
    Sorry, this option can only be used on a SELinux kernel.
I have one CentOS 4.0 server whose /var/log/messages was always empty (0 bytes). I wonder what has been blocking syslog from writing the log.
Firstly, I'd suggest updating to 4.5.
Secondly, is /tmp mounted with noexec option?
forgot to add, check /var/log/messages.* for current syslog messages
On 26/06/07 13:42 +0100, Seán O Sullivan wrote:
I have one CentOS 4.0 server whose /var/log/messages was always empty (0 bytes). I wonder what has been blocking syslog from writing the log.
Firstly, I'd suggest updating to 4.5.
This is the production machine and has been running for years, so upgrading the OS is not my first option :)
Secondly, is /tmp mounted with noexec option?
No afaik.
    root# mount | grep var
    /dev/hda4 on /var type ext3 (rw)
forgot to add, check /var/log/messages.* for current syslog messages
    root# ls -l messages*
    -rw-------  1 root root        0 Jun 25 11:11 messages
    -rw-------  1 root root 32480831 Jun  3 00:04 messages.1.gz
    -rw-------  1 root root 81601061 May 27 00:13 messages.2.gz
    -rw-------  1 root root   905460 May 20 00:01 messages.3.gz
    -rw-------  1 root root  1055604 May 13 00:01 messages.4.gz
Note: the previous messages.gz files had a gigantic size because of a recent bug in spamassassin; it logs all the spampd logs, which is why I disabled it in syslog.conf. But after a few days I noticed that messages was always empty, even after I restarted syslog and then did mv and touch on messages.
    root# cat /etc/redhat-release
    CentOS release 4.0 (Final)
No auto update and I never run it manually.
Is it possible you broke your syslog.conf file? You could always try reinstalling the file from the RPM.
Shawn
On 26/06/07 20:02 -0700, Shawn Everett wrote:
Is it possible you broke your syslog.conf file? You could always try reinstalling the file from the RPM.
Yes. Apparently it's because of this entry:
    *.info;mail.none;authpriv.none;cron.none;spampd.none -/var/log/messages
I should use local5.none instead of spampd. I wonder why syslog did not complain when restarting :(
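An added example, not part of the original thread: a small linter that flags syslog.conf selectors naming something other than a syslog facility, which is the mistake identified in the message above (`spampd` is a program name, not a facility). The function name `lint_syslog_conf` is hypothetical, the keyword lists are assumed from syslog(3) and syslog.conf(5), and the sample input is constructed from the line quoted in the thread.

```python
# Facility and priority keywords, assumed from syslog(3) / syslog.conf(5).
FACILITIES = {"auth", "authpriv", "cron", "daemon", "ftp", "kern", "lpr",
              "mail", "mark", "news", "security", "syslog", "user", "uucp",
              *(f"local{n}" for n in range(8))}
PRIORITIES = {"debug", "info", "notice", "warning", "warn", "err", "error",
              "crit", "alert", "emerg", "panic", "none"}


def lint_syslog_conf(text):
    """Return (line_no, message) for each selector with an unknown facility
    or priority. Assumes the classic 'selector<whitespace>action' layout."""
    problems = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no selectors
        fields = line.split(None, 1)
        if len(fields) != 2:
            problems.append((line_no, "missing action field"))
            continue
        for selector in fields[0].split(";"):
            facs, sep, prio = selector.rpartition(".")
            if not sep:
                problems.append((line_no, f"selector '{selector}' has no priority"))
                continue
            for fac in facs.split(","):
                if fac != "*" and fac.lower() not in FACILITIES:
                    problems.append((line_no, f"unknown facility '{fac}'"))
            prio = prio.lstrip("!=")  # strip sysklogd priority modifiers
            if prio != "*" and prio.lower() not in PRIORITIES:
                problems.append((line_no, f"unknown priority '{prio}'"))
    return problems


# Constructed sample: the selector line from the thread, then the local5 variant.
SAMPLE = """\
# Log anything (except mail) of level info or higher.
*.info;mail.none;authpriv.none;cron.none;spampd.none -/var/log/messages
*.info;mail.none;authpriv.none;cron.none;local5.none -/var/log/messages
"""

if __name__ == "__main__":
    for line_no, message in lint_syslog_conf(SAMPLE):
        print(f"syslog.conf line {line_no}: {message}")
```

Running a check like this before restarting syslogd catches the typo at edit time, instead of days later when an auditor or responder finds /var/log/messages empty.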
Hi -
Actually - I've seen this maybe 5 times in 100 systems that I've run, all of the 4.x releases and all exhibited the same problems. Syslog would just stop logging - period. I've often wondered what had caused it, but never really investigated it due to lack of information.
Just wanted to chime in there and let you know that this problem has been seen before.
Thanks -dant
beast spake the following on 6/26/2007 7:47 PM:
On 26/06/07 13:42 +0100, Seán O Sullivan wrote:
I have one CentOS 4.0 server whose /var/log/messages was always empty (0 bytes). I wonder what has been blocking syslog from writing the log.
Firstly, I'd suggest updating to 4.5.
This is the production machine and has been running for years, so upgrading the OS is not my first option :)
"Yum update" shouldn't be that detrimental to a production server. And you will get the benefit of security updates. A server that isn't logging seems already "broken".
On 6/26/07, beast beast@ldap.or.id wrote:
I have one CentOS 4.0 server whose /var/log/messages was always empty (0 bytes). I wonder what has been blocking syslog from writing the log.
Is this an actual 4.0 system, or have you stayed current on updates? Run 'cat /etc/redhat-release' to verify.