On Tuesday 26 June 2007, beast wrote:
On 26/06/07 13:42 +0100, Seán O Sullivan wrote:
>> I have one centos 4.0 server which /var/log/messages was always >> empty (0 bytes). I wonder what has been blocking the syslog to write >> the log.
Firstly, I'd suggest updating to 4.5.
This is the production machine and has been runing for years, so upgrading OS is not not my first option :)
Secondly, is /tmp mounted with noexec option?
No afaik.
root# mount | grep var /dev/hda4 on /var type ext3 (rw)
forgot to add, check /var/log/messages.* for current syslog messages
root# ls -l messages* -rw------- 1 root root 0 Jun 25 11:11 messages -rw------- 1 root root 32480831 Jun 3 00:04 messages.1.gz -rw------- 1 root root 81601061 May 27 00:13 messages.2.gz -rw------- 1 root root 905460 May 20 00:01 messages.3.gz -rw------- 1 root root 1055604 May 13 00:01 messages.4.gz
Note: previous messages.gz was having gigantic size because recent bug in spamassassin, it logs all spampd log thats why I disable it on the syslog.conf. But after few days I notice that messages were always empty, even I restart syslog and then mv and touch messages
From my own experience there is one trivial way to cause this. How much space is left on whatever partition /var is mounted on? Your comment about SA causing the huge log reminded me of the time I filled /var due to spewage from a bad configuration.
Cheers, Dave
-
David G. Miller