Deleted /var/log/messages, can't log any files-iptables
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Deleted /var/log/messages, can't log any files-iptables
Hi
I have deleted the /var/log/messages file where all the log messages go into, and now when I do
#iptables -A INPUT -j LOG
the log file is empty. I have recreated an empty file'messages' at the same location, but none of my log files seems to go into it. Or do I have to changemode of the file?
When you see that word, it means that you haven't entered the command correctly. In this case, I should have been more complete in my answer. My apologies. In the future, when you see that Usage word, it us usually worth a quick look at the man page for that command to see what is missing.
What is missing is the path to the logrotate config file (logrotate.conf) which logrotate needs in order to do its thing. So the actualy complete command is
logrotate -f /path/to/logrotate.conf
On my system, logrotate.conf is in /etc so I would use logrotate -f /etc/logrotate.conf. However, your distro may put it somwhere else so have a look for it.
/var/log/messages will be created on demand if it doesn't exist.... logrotate may well create it, but you don't need to do anything at all. there was no problem in the first place.
Well, if you take his first post at face value, there was a problem in that iptables was no longer logging entries into the messages file he created and didn't appear to be creating a functional one. I don't know about you, but I have a tough time reading minds around here so I just told him a way to create a functional messages file. If the system would have made one on its own, well then bully for the system, but chingyenccy seems to be please with the answer I gave him.
I think the problem was that message was removed while being kept open by the syslog daemon. To recover from that you can restart the daemon, which is probably what running logrotate did. To empty the file without removing it, use
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.