LinuxQuestions.org - [SOLVED] Deleted /var/log folder. Need help with messages and boot.log

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - Deleted /var/log folder. Need help with messages and boot.log (https://www.linuxquestions.org/questions/linux-newbie-8/deleted-var-log-folder-need-help-with-messages-and-boot-log-4175675699/)

Deleted /var/log folder. Need help with messages and boot.log

Hi All,

I'm having some issues with the messages and boot.log (for syslogs)

I deleted the /var/log folder by mistake on my machine and lost all the files.
Post this, I rebooted the machine and some of the files have returned.

Code:

[root@localhost ~]# ls -ltr /var/log

total 192

-rw-------. 1 root  root        0 May 21 16:59 messages

-rw-------. 1 root  root        0 May 21 16:59 secure

-rw-------. 1 root  root        0 May 21 16:59 maillog

-rw-------. 1 root  root        0 May 21 16:59 spooler

-rw-------. 1 root  root      218 May 21 17:02 yum.log

-rw-------. 1 root  utmp        0 May 21 17:06 btmp

-rw-r--r--. 1 root  root  110668 May 21 17:06 dmesg

-rw-r--r--. 1 root  root    1323 May 21 17:06 vmware-vgauthsvc.log.0

drwxr-xr-x. 2 chrony chrony      6 May 21 17:06 chrony

-rw-r--r--. 1 root  root    1006 May 21 17:06 vmware-vmsvc.log

-rw-r--r--. 1 root  root      614 May 21 17:06 firewalld

drwx------. 2 root  lp        57 May 21 17:06 cups

drwxr-xr-x. 2 root  root      23 May 21 17:06 tuned

-rw-------. 1 root  root    13760 May 21 17:07 boot.log

drwx--x--x. 2 root  gdm        42 May 21 17:07 gdm

-rw-r--r--. 1 root  root      40 May 21 17:07 wpa_supplicant.log

-rw-r--r--. 1 root  root    26060 May 21 17:07 Xorg.0.log

-rw-------. 1 root  root    1550 May 21 19:01 cron

-rw-rw-r--. 1 root  utmp    1920 May 21 19:46 wtmp

-rw-r--r--. 1 root  root  292876 May 21 19:46 lastlog

However, the boot.log file is not logging anything new. I have restarted the rsyslog service multiple times. I've also uninstalled rsyslog and re-installed it.

I've got the rsyslog logging debug messages to boot.log

Code:

# Save boot messages also to boot.log

local7.*                                                /var/log/boot.log

I have a device sending debug level logs to this machine, but they are not getting logged. When I do the following, it shows rsyslog is running, but the output does not get appended to the boot.log file.

Code:

[root@localhost ~]# logger -s "Hello world"

root: Hello world

[root@localhost ~]# tail /var/log/boot.log

        Starting GNOME Display Manager...

[  OK  ] Started Job spooling tools.

        Starting Job spooling tools...

[  OK  ] Started Notify NFS peers of a restart.

[  OK  ] Started OpenSSH server daemon.

[  OK  ] Started System Logging Service.

[  OK  ] Started GNOME Display Manager.

[  OK  ] Started Dynamic System Tuning Daemon.

[  OK  ] Started Postfix Mail Transport Agent.

[  OK  ] Started Virtualization daemon.

Please help me in understanding why the boot.log isn't updating.

Not in front of a Linux box at the moment, but my recollection is that boot.log only shows the details (POST?) of the last boot. There’s nothing to update between boots.

To check:

Make a copy of the boot.log
Reboot the ‘puter
Compare the new boot.log o the copy

It looks like you are running a Red Hat or derivative distribution. syslog messages are written to /var/log/messages or /var/log/secure.

Check the contents of /var/log/messages for your "Hello World" test.
grep "Hello World" /var/log/messages

Since logs rotate it might be in a /var/log/messages-2020MMDD file.

Quote:

Originally Posted by scasey (Post 6126225)

Not in front of a Linux box at the moment, but my recollection is that boot.log only shows the details (POST?) of the last boot. There’s nothing to update between boots.

To check:

Make a copy of the boot.log
Reboot the ‘puter
Compare the new boot.log o the copy

The new boot.log contains only the list of processes being started up. No new messages get logged to this file.

Quote:

Originally Posted by michaelk (Post 6126233)

The messages file has been at 0 bytes since the folder was recreated. None of the logger messages are getting logged to the messages.

What distribution version are you actually running?

Did you verify the /etc/rsyslog.conf file line for writing to messages is uncommented?

Code:

# Log anything (except mail) of level info or higher.

# Don't log private authentication messages!

*.info;mail.none;authpriv.none;cron.none                /var/log/messages

Quote:

Originally Posted by indolynx (Post 6126250)

The new boot.log contains only the list of processes being started up. No new messages get logged to this file.

Yes, that's how boot.log works. It only gets written to at boot time.

Quote:

Originally Posted by michaelk (Post 6126346)

What distribution version are you actually running?

Did you verify the /etc/rsyslog.conf file line for writing to messages is uncommented?

Code:

# Log anything (except mail) of level info or higher.

# Don't log private authentication messages!

*.info;mail.none;authpriv.none;cron.none                /var/log/messages

I'm running CentOS 7. (centos-release-7-4.1708.el7.centos.x86_64)
Yes this line is uncommented. I have attached the rsyslog.conf for your reference.

Quote:

Originally Posted by scasey

Yes, that's how boot.log works. It only gets written to at boot time.

The rsyslog.conf file points all local7.* messages to be written to boot.log and prior to my mistake, debugs were getting logged to this file as expected.

I re-installed the machine, re-installed rsyslog and boot.log is logging the local7.* messages coming from external sources.