On Sun, 28 Oct 2007, Robert Slade wrote: > On Sun, 2007-10-28 at 16:33 +0100, Alain Spineux wrote: >> On 10/28/07, Robert Slade <centos at likley.co.uk> wrote: >>> On Sun, 2007-10-28 at 13:02 +0100, Alain Spineux wrote: >>>> I have this in my syslog.conf : >>>> >>>> # Save boot messages also to boot.log >>>> local7.* >>> >>> Mine says: >>> >>> # Save boot messages also to boot.log >>> local7.* /var/log/boot.log >> >> Yes my cut&paste was a little lazy ! >> >>> >>>> >>>> But did you check dmesg for kernel messages ? >>>> >>>> regards >>> >>> >>> dmesg only lists messages from prior to update too :-(. >> >> dmesg display the kernel internal buffer. It should be emptied when rebooting ! >> It is impossible to see messages prior the last reboot ! >> >> What about your other log file ? >> /var/log/messages is filled normaly ? >> >>> >>> Thanks for the reply >>> >>> Rob >>> >>>> >>>> On 10/28/07, Robert Slade <centos at likley.co.uk> wrote: >>>>> Hi, >>>>> >>>>> I have just updated from CentOS 4 to 5 and I am seeing a problem with >>>>> udev during booting, but I am unable to track it down as it looks like >>>>> the boot.log is not working. The file is there but empty and the >>>>> previous log only lists events up to the point at which I upgraded. >>>>> >>>>> syslog.conf looks ok to me in so much as there is an entry pointing >>>>> to /var/log/boot.log. >>>>> >>>>> Any suggestions as to what I should be looking at? >>>>> >>>>> Rob > > Both dmesg and boot.log do not have any entries from before the update. > > /var/log/messages appears to have normal entries ie from today but there > are no error messages. > > I have checked syslog it is running Just a thought, rpm -V sysklogd. See what you get. Also have you run ckrootkit or similar on the machine? I know you said this started after an update and most likely you are correct but it is just a thought. You never know what kind of coincidence you might run into. Regards, -- Tom Diehl tdiehl at rogueind.com Spamtrap address mtd123 at rogueind.com