On 08/07/2014 05:48 AM, Arun Khan wrote: > SOLVED > > On Wed, Aug 6, 2014 at 10:28 PM, James A. Peltier <jpeltier at sfu.ca> wrote: >> ----- Original Message ----- >> | On Wed, Aug 06, 2014 at 04:50:41PM +0000, Tony Mountifield wrote: >> | > >> | > Probably rsyslog is being started before /var/log is mounted, and >> | > so it >> | > is opening files within /var/log on the root device. >> | >> | rsyslog should start after local mounts are finished. >> | >> | I suspect it's selinux; /var/log should have a "var_log_t" context >> | and I >> | suspect it doesn't. >> >> running a restorecon -vv on /var/log should correct that automatically I would think. >> > I had suspected SElinux and have it disabled still rsyslogd was not > logging on the new device mounted on /var/log/ > > *** restorecon -vv /var/log does the trick! *** > > @ James A. Peltier Thank you! > > FWIW - here are the steps > > 1. service rsyslog stop > 2. mount <new var log device> /mnt/ > 3. rsync -aP /var/log/ /mnt/ > 4. rm -fr /var/log/* > 5. umount /mnt > 6. mount <new var log device> /var/log/ (also make change to /etc/fstab) > 7. restorecon -vv /var/log <<< the solution > 8. service rsyslog start. > 9. logger "this is a test" > 10. tail /var/log/messages to verify that indeed the logger string was logged. > > -- Arun Khan > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos If restorecon fixes the problem, then you never disabled SELinux If you untar files into a location, you should always run restorecon on the directory to fix the SELinux labels.