LinuxQuestions.org - [SOLVED] log files are empty -- messages,syslog,mail.err

thank you for helping me:

-- well is rsyslog even running?
YES
sudo ps aux |grep rsyslog
syslog 1981 0.0 0.0 126668 2376 ? Sl 00:08 0:01 rsyslogd -c5

-- Are the file handles open for writing by the rsyslog process?
YES
ls -l mail.err syslog messages
-rw-r----- 1 syslog adm 0 Feb 19 07:39 mail.err
-rw-rw-rw- 1 u1 u1 0 Oct 16 09:39 messages
-rw-r----- 1 syslog adm 0 Feb 24 00:14 syslog

-- Can you use the logger tool to get messages into them?
NO
gnome-system-log
(gnome-system-log:14070): GLib-GObject-WARNING **: /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:2412: instance `0x7f41fc0148c0' has no handler with id `1709

-- are there any log errors when rsyslog is restarted?
NO
sudo service rsyslog restart
rsyslog start/running, process 15313

-- foregroung debug mode:
/usr/sbin/rsyslogd -c5 -dn >~/rsyslog-1.log
rsyslogd: Could no open output pipe '/dev/xconsole' [try http://www.rsyslog.com/e/2039 ]

--------------------------------------
just part of logging -- looked for error , fail key words:

8411.321228551:7fd36961a720: Error opening log pipe: /dev/xconsole
8411.321238286:7fd36961a720: Called LogError, msg: Could no open output pipe '/dev/xconsole'

Actions:
8411.324473300:7fd36961a720: builtin-file: /var/log/syslog
8411.324483498:7fd36961a720: template='/var/log/syslog'
8411.324490721:7fd36961a720: use async writer=0
8411.324497898:7fd36961a720: flush on TX end=1
8411.324505026:7fd36961a720: flush interval=1
8411.324512328:7fd36961a720: file cache size=10
8411.324519464:7fd36961a720: create directories: yes
8411.324526749:7fd36961a720: file owner 101, group 4
8411.324534186:7fd36961a720: force chown() for all files: no
8411.324541394:7fd36961a720: directory owner 0, group 0
8411.324548681:7fd36961a720: dir create mode 0755, file create mode 0640
8411.324555747:7fd36961a720: fail if owner/group can not be set: no
8411.324562837:7fd36961a720:
Instance data: 0x1426fe0
8411.324570039:7fd36961a720: RepeatedMsgReduction: 1
8411.324577067:7fd36961a720: Resume Interval: 30
8411.324584189:7fd36961a720: State: rdy
8411.324591387:7fd36961a720: Exec only when previous is suspended: 0
8411.324603197:7fd36961a720: submission mode: slow, but feature-rich
8411.324610750:7fd36961a720:
8411.324618087:7fd36961a720:
8411.324625192:7fd36961a720:
8411.324632818:7fd36961a720: rule 0x1427be0: rsyslog rule:
8411.324642370:7fd36961a720: X X X X X X X X X FF X X X X X X X X X X X X X X X

Actions:
8411.326555645:7fd36961a720: builtin-file: /var/log/mail.err
8411.326565828:7fd36961a720: template='/var/log/mail.err'
8411.326573128:7fd36961a720: use async writer=0
8411.326580413:7fd36961a720: flush on TX end=1
8411.326587688:7fd36961a720: flush interval=1
8411.326594891:7fd36961a720: file cache size=10
8411.326602143:7fd36961a720: create directories: yes
8411.326609531:7fd36961a720: file owner 101, group 4
8411.326616629:7fd36961a720: force chown() for all files: no
8411.326623889:7fd36961a720: directory owner 0, group 0
8411.326631321:7fd36961a720: dir create mode 0755, file create mode 0640
8411.326638546:7fd36961a720: fail if owner/group can not be set: no
8411.326645639:7fd36961a720:
Instance data: 0x142e100
8411.326652996:7fd36961a720: RepeatedMsgReduction: 1
8411.326660486:7fd36961a720: Resume Interval: 30
8411.326667729:7fd36961a720: State: rdy
8411.326675054:7fd36961a720: Exec only when previous is suspended: 0
8411.326682390:7fd36961a720: submission mode: slow, but feature-rich
8411.326689790:7fd36961a720:
8411.326696944:7fd36961a720:
8411.326703917:7fd36961a720:
8411.326711745:7fd36961a720: rule 0x142ed00: rsyslog rule:
8411.326721435:7fd36961a720: X X X X X X X 7 X X X X X X X X X X X X X X X X X

8411.333874064:7fd36961a720: Command 'failonchownfailure':
8411.333881339:7fd36961a720: type : 4
8411.333888582:7fd36961a720: pData: 0x65c90c
8411.333895779:7fd36961a720: Hdlr : 0x0
8411.333903054:7fd36961a720: Owner: 0x410e10

8411.317893748:7fd36961a720: action 1 queue[DA]: error -2040 reading .qi file - can not read persisted info (if any)

8555.843018812:7fd36961a720: error 14 unlinking '(null)' - ignored: Bad address

-----------------------and now after CTRL-C finally ... no data to flush ... :
8555.842866458:7fd36961a720: strm 0x1420fd0: file -1(rsyslog) closing
8555.842899523:7fd36961a720: strm 0x1420fd0: file -1(rsyslog) flush, buflen 0 (no need to flush)
8555.842931438:7fd36961a720: strm 0x14221f0: file -1(rsyslog) closing
8555.842964014:7fd36961a720: strm 0x1423410: file -1(rsyslog) closing
8555.843018812:7fd36961a720: error 14 unlinking '(null)' - ignored: Bad address
8555.843053278:7fd36961a720: action 1 queue: queue (type 1) will lose 0 messages, destroying...
8555.843099648:7fd36961a720: strm 0x14258b0: file -1(ufw.log) closing
8555.843132631:7fd36961a720: strm 0x14258b0: file -1(ufw.log) flush, buflen 0 (no need to flush)
8555.843167957:7fd36961a720: strm 0x14265c0: file -1(auth.log) closing
8555.843199374:7fd36961a720: strm 0x14265c0: file -1(auth.log) flush, buflen 0 (no need to flush)
8555.843234414:7fd36961a720: strm 0x1427160: file -1(syslog) closing
8555.843266205:7fd36961a720: strm 0x1427160: file -1(syslog) flush, buflen 0 (no need to flush)
8555.843299933:7fd36961a720: strm 0x1427df0: file -1(cron.log) closing
8555.843332171:7fd36961a720: strm 0x1427df0: file -1(cron.log) flush, buflen 0 (no need to flush)
8555.843366571:7fd36961a720: strm 0x1428a80: file -1(daemon.log) closing
8555.843397406:7fd36961a720: strm 0x1428a80: file -1(daemon.log) flush, buflen 0 (no need to flush)
8555.843432727:7fd36961a720: strm 0x1429710: file -1(kern.log) closing
8555.843473037:7fd36961a720: strm 0x1429710: file -1(kern.log) flush, buflen 0 (no need to flush)
8555.843505328:7fd36961a720: strm 0x142a3a0: file -1(lpr.log) closing
8555.843535311:7fd36961a720: strm 0x142a3a0: file -1(lpr.log) flush, buflen 0 (no need to flush)
8555.843571901:7fd36961a720: strm 0x142b030: file -1(mail.log) closing
8555.843602432:7fd36961a720: strm 0x142b030: file -1(mail.log) flush, buflen 0 (no need to flush)
8555.843637432:7fd36961a720: strm 0x142bcc0: file -1(user.log) closing
8555.843668405:7fd36961a720: strm 0x142bcc0: file -1(user.log) flush, buflen 0 (no need to flush)
8555.843700503:7fd36961a720: strm 0x142c990: file -1(mail.info) closing
8555.843729466:7fd36961a720: strm 0x142c990: file -1(mail.info) flush, buflen 0 (no need to flush)
8555.843763778:7fd36961a720: strm 0x142d5f0: file -1(mail.warn) closing
8555.843793921:7fd36961a720: strm 0x142d5f0: file -1(mail.warn) flush, buflen 0 (no need to flush)
8555.843827632:7fd36961a720: strm 0x142e280: file -1(mail.err) closing
8555.843856200:7fd36961a720: strm 0x142e280: file -1(mail.err) flush, buflen 0 (no need to flush)
8555.843889560:7fd36961a720: strm 0x142ef10: file -1(news.crit) closing
8555.843919646:7fd36961a720: strm 0x142ef10: file -1(news.crit) flush, buflen 0 (no need to flush)
8555.843965833:7fd36961a720: strm 0x142fba0: file -1(news.err) closing
8555.843997749:7fd36961a720: strm 0x142fba0: file -1(news.err) flush, buflen 0 (no need to flush)
8555.844031752:7fd36961a720: strm 0x1430830: file -1(news.notice) closing
8555.844064762:7fd36961a720: strm 0x1430830: file -1(news.notice) flush, buflen 0 (no need to flush)
8555.844100168:7fd36961a720: strm 0x14314c0: file -1(debug) closing
8555.844132043:7fd36961a720: strm 0x14314c0: file -1(debug) flush, buflen 0 (no need to flush)
8555.844165971:7fd36961a720: strm 0x1432150: file -1(messages) closing
8555.844197004:7fd36961a720: strm 0x1432150: file -1(messages) flush, buflen 0 (no need to flush)
8555.844232366:7fd36961a720: strm 0x1433460: file -1(tty5) closing
8555.844263337:7fd36961a720: strm 0x1433460: file -1(tty5) flush, buflen 0 (no need to flush)
8555.844307693:7fd36961a720: all primary multi-thread sources have been terminated - now doing aux cleanup...
8555.844399996:7fd36961a720: file syslogd.c released module 'lmnet', reference count now 2
8555.844431016:7fd36961a720: destructing parser 'rsyslog.rfc5424'
8555.844455277:7fd36961a720: destructing parser 'rsyslog.rfc3164'
8555.844484875:7fd36961a720: file conf.c released module 'lmnet', reference count now 1
8555.844537978:7fd36961a720: rsyslog runtime de-initialized, current users 0
8555.844564678:7fd36961a720: module lmnet NOT unloaded because it still has a refcount of 1
8555.844585704:7fd36961a720: Unloading module builtin-file
8555.844610489:7fd36961a720: module lmnet NOT unloaded because it still has a refcount of 1
8555.844632846:7fd36961a720: Unloading module builtin-pipe
8555.844658264:7fd36961a720: module lmnet NOT unloaded because it still has a refcount of 1
8555.844680629:7fd36961a720: Unloading module builtin-fwd
8555.844707062:7fd36961a720: file omfwd.c released module 'lmnet', reference count now 0
8555.844729570:7fd36961a720: module 'lmnet' has zero reference count, unloading...
8555.844751716:7fd36961a720: Unloading module lmnet
8555.844815656:7fd36961a720: Unloading module builtin-shell
8555.844843769:7fd36961a720: Unloading module builtin-discard
8555.844865407:7fd36961a720: Unloading module builtin-usrmsg
8555.844887277:7fd36961a720: Unloading module builtin-pmrfc5424
8555.844910222:7fd36961a720: Unloading module builtin-pmrfc3164
8555.844933900:7fd36961a720: Unloading module builtin-smfile
8555.844958598:7fd36961a720: Unloading module builtin-smtradfile
8555.844981131:7fd36961a720: Unloading module builtin-smfwd
8555.845004031:7fd36961a720: Unloading module builtin-smtradfwd
8555.845028406:7fd36961a720: Unloading module imuxsock
8555.845090707:7fd36961a720: Unloading module imklog
8555.845143373:7fd36961a720: Clean shutdown completed, bye

-------------------
Could you please help where should I look and what - more deeply ?
Is /dev/xconsole problem ? I do not know if it corresponding but xconsole is located in /usr/bin/xconsole. Not even soft link did not help.
If it helps I can give log file - I do not mind if it contains sensitive data. Should I run debug mode longer ?

Thank you for any clue.
Kind Regards,
Martin