/var/log/messages empty
 

Hello!

/var/log/messages and many other log files in /var/log are empty. What could be causing this? Running RHEL4 Update 4. Kernel 2.6.9-42.0.3.ELsmp (64-bit).

Thanks!

Is the syslog daemon up and running? You may check

syslog and klog are the logging daemons.

is your syslog running and are the daemons you are running, writing to it?

syslog service is running..not sure how I would tell if its writing to it, other then a timestamp of Nov.11 04:02 and the other ones /var/log/messages.1, /var/log/messages.2 ....are showing timestamps of Nov.4, October 28....but they're all blanks.

[root@server ~]# service syslog status
syslogd (pid 4189) is running...
klogd (pid 4193) is running...
[root@server ~]#

It's not surprising to see the backup files messages.1 etc as these are created by the logrotate daemon, which doesn't know anything about syslog.

It sounds like you have a configuration problem in syslog itself; take a look at your /etc/syslog.conf file and check that it has an entry for /var/log/messages. This will vary between distributions but it should look something like this:(line taken from a random FC5 machine)

If the line starts with a # sign then it's been commented out (in which case, remove the # sign, save the file and restart syslogd).

If you want to know more about configuring syslog then type Feel free to post the file if you don't know what's wrong.

Hope that helps,

—Robert J Lee

thank u for quick reply! I have checked the syslog.conf file already actually, but here it is anyways...

[root@server ~]# more /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log
[root@server ~]#

syslog.conf looks right. Maybe the syslog daemon was interrupted (crashed) for some reason and it lost the file descriptors of the log files, so that it is unable to send messages to the proper locations. You can try to restart the daemon via the service management or by the command
this will send an hang-up signal (SIGHUP) which will force syslogd to close the log files, re-read the configuration and open the log files again.

Thanks for your assistance, but the file is still empty. I've gone to the console and noticed the message now appears 'syslogd: network logging disabled(syslog/udp service unknown).

I'm not 100% after the 'syslog/' above because the screen disappeared, but i believe I got the whole error message right. I'll try to google this and maybe this gives us more clues?


Thanks!

got the fix...SELinux was enabled and disabling this fixed. All the logs in /var/log FINALLY started to get information! :) Thanks for your help...hope this helps you...