Red Hat EL 4.4

When the syslog service starts, I get a [FAILED] on the system logger after a few minutes then [OK] on the kernel logger.

I can however run syslogd afterwards and I don't see any error messages. I've search everywhere in /var/log for any error messages but I can't see anything.

Any ideas? Thanks.

First the obvious: what does df -h show you? If the /var filesystem is full (or nearly full), you'll need to address that.

If not...

you might want to turn on the debug option (see manpages for sysklogd(8)) in /etc/sysconfig/syslog. There is an env variable in that file called SYSLOGD_OPTIONS that you can add the option to. (Make a backup of it before messing with it.)

/etc/sysconfig/syslog gets sourced in by syslog's init.d script. It sounds like your problem is only occurring at reboot, so reboot again and see if you can get some more verbose error messages.

Thanks for the suggestions. So I turned on debugging. When I restart the syslog service or during reboot, I see the following in the debug messages:

Called logger, msg: /var/log/boot.log
logmsg: syslog.err<43>, flags=4, from localhost, msg syslogd: /var/log/boot.log: Permission denied

The message repeats for /var/log/messages, /var/log/cron.log, etc.

My /var filesystem is only 48% full out of 5 GB. SYSLOGD_OPTIONS is "-m 0 -d" and "-2" for klogd.

Ok, how about ls -l /var/log ??

And once you start, syslogd, what user is it running as?
ps -ef | grep syslogd

# ls -l /var/log
The permissions on /var/log is drwxr-xr-x root root
The log files are -rw-r--r-- root root (for the most part, some are mysql, etc.)

klogd and syslogd are running as root.

Thanks again.

Hmm, well something is causing those 'permission denied' messages.

Is /var its own partition? If so, next thing to check:
mount | grep /var

We'll see if it's damaged and mounting read-only.

Well, I went into SELinux and checked "Disable SELinux protection for syslogd daemon" and now it is starting up fine.

============================
Here's some more information I got after I posted the original message below:

When I boot into single user mode and /etc/init.d/syslog start,
it shows system logger and kernel logger starting OK. Then I see the following error message on the console:

audit(...): avc: denied {write} for pid=951 comm="minilogd" name="log" dev=tmpfs ino=6808 scontext=user_u:system_r:syslogd_t tcontext=user_ubject_r:device_t tclass=sock_file

So it has something to do with SELinux?

=== START OF ORIGINAL MESSAGE ===
/var is being mounted rw. There are other processes writing to /var/log such as mysql writing to mysqld.log. For now I disabled syslog (chkconfig --del syslog) and just manually run syslogd -m 0 and klogd -2 (I boot into single user mode, start these two tasks, and then init 5 to go into runlevel 5).

I'm sure it's just a config problem as a result of my "playfulness." I just switched to Linux from Windows on my development box and couldn't resist messing with the system. The thing I remember doing that might have caused this problem is I moved /var and /usr to their own partitions. Here's the process I followed:

- boot into single user mode
- #mv /var /var.old
- #mkdir /var
- #mount -t ext3 /dev/sda11 /var
- #cp -a /var.old/* /var/
- boot into run level 5
I don't know if the problem happened right away because I walked away from my desk and when I came back about an hour later, the login window was waiting so I assumed everything went fine. I didn't notice any problem so I deleted /var.old. I also did the same with /usr which is now in its own partition in /dev/sda12.

I still don't know why I get permission denied. BTW, after manually starting syslogd and klogd from the terminal, logging seems to be fine -- I'm seeing messages in dmesg, messages, boot.log, cron, Xorg.0.log. The problem happens when logging is started via the syslog service. Well, I'll continue tracking this problem down and thank you again for helping me along.

If it helps, here's part of my /etc/fstab.
LABEL=/ / ext3 defaults 1 1
/dev/sda11 /var ext3 defaults 1 2
/dev/sda12 /usr ext3 defaults 1 2
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs defaults 0 0
LABEL=/home /home ext3 defaults 1 2
LABEL=/opt /opt ext3 defaults 1 2
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
LABEL=SWAP-sda10 swap swap defaults 0 0
# then a VFAT mount which is the parition I use
# for transferring files between Linux and XP Pro
# also have several CIFS mounts to access shared drives
# on a Windows 2003 server

nice video man,im stuck with the starting system logger.for some reason,when i boot yellow dog,it says starting system logger (failed).it doesnt let me start the gui,when i loggin the screen goes black..dont know what to do.=(

im stuck with the starting system logger.for some reason,when i boot yellow dog on my ps3,it says starting system logger (failed).it doesnt let me start the gui,when i loggin the screen goes black..dont know what to do.=(