On Sun, 2007-10-28 at 12:16 -0400, Tom Diehl wrote:
> On Sun, 28 Oct 2007, Robert Slade wrote:
>
> > On Sun, 2007-10-28 at 16:33 +0100, Alain Spineux wrote:
> >> On 10/28/07, Robert Slade <centos at likley.co.uk> wrote:
> >>> On Sun, 2007-10-28 at 13:02 +0100, Alain Spineux wrote:
> >>>> I have this in my syslog.conf:
> >>>>
> >>>> # Save boot messages also to boot.log
> >>>> local7.*
> >>>
> >>> Mine says:
> >>>
> >>> # Save boot messages also to boot.log
> >>> local7.* /var/log/boot.log
> >>
> >> Yes, my cut&paste was a little lazy!
> >>
> >>>> But did you check dmesg for kernel messages?
> >>>>
> >>>> regards
> >>>
> >>> dmesg only lists messages from prior to update too :-(.
> >>
> >> dmesg displays the kernel internal buffer. It should be emptied when rebooting!
> >> It is impossible to see messages prior to the last reboot!
> >>
> >> What about your other log file?
> >> /var/log/messages is filled normally?
> >>
> >>> Thanks for the reply
> >>>
> >>> Rob
> >>>
> >>>> On 10/28/07, Robert Slade <centos at likley.co.uk> wrote:
> >>>>> Hi,
> >>>>>
> >>>>> I have just updated from CentOS 4 to 5 and I am seeing a problem with
> >>>>> udev during booting, but I am unable to track it down as it looks like
> >>>>> the boot.log is not working. The file is there but empty and the
> >>>>> previous log only lists events up to the point at which I upgraded.
> >>>>>
> >>>>> syslog.conf looks ok to me in so much as there is an entry pointing
> >>>>> to /var/log/boot.log.
> >>>>>
> >>>>> Any suggestions as to what I should be looking at?
> >>>>>
> >>>>> Rob
> >
> > Both dmesg and boot.log do not have any entries from before the update.
> >
> > /var/log/messages appears to have normal entries, i.e. from today, but there
> > are no error messages.
> >
> > I have checked syslog; it is running.
>
> Just a thought, rpm -V sysklogd. See what you get. Also have you run chkrootkit
> or similar on the machine?
>
> I know you said this started after an update and most likely you are correct
> but it is just a thought. You never know what kind of coincidence you might
> run into.

rpm -V sysklogd gave nothing, but rpm -q sysklogd gave:

sysklogd-1.4.1-39.2

Ran chkrootkit - nothing came up.

Rob