LinuxQuestions.org


kobygold 12-23-2015 09:44 AM

I mistakenly deleted my syslog file!! How can I ask Ubuntu to return and write to it?
 
Hi guys,
I mistakenly deleted my 'syslog' file, from /var/log/ directory.
I wanted to clean the log from its history so I deleted the file, hoping the system will create a new one. But I noticed the system doesn't create a new one... and now I don't have a system log anymore!!

I tried creating a blank file by the same name, but it didn't help.
I also tried copying back an older copy of the file to the same folder, but that didn't help either.

Does anyone have an idea how can I make Ubuntu return writing to the syslog in /var/log/ ?

Thanks,
Koby

Habitual 12-23-2015 09:52 AM

Ubuntu - What version/build/release/spin?

hortageno 12-23-2015 09:58 AM

Quote:

Originally Posted by kobygold (Post 5468031)
Does anyone have an idea how can I make Ubuntu return writing to the syslog in /var/log/ ?

Code:

~# service rsyslog restart

kobygold 12-23-2015 11:43 AM

Thanks guys.

Habitual,
I'm using Ubuntu 14.04 LTS

hortageno,
I tried your command "~# service rsyslog restart" and got this error message:
~#: command not found

Then tried changing it slightly to "service rsyslog restart" and got those warning messages:
stop: Unknown job: rsyslog
start: Unknown job: rsyslog


Lastly I tried with sudo: "sudo service rsyslog restart" and got these messages:
rsyslog stop/waiting
rsyslog start/running, process 21920


I guess the last try is the correct one, right...?
Anyway, the syslog still doesn't change and is still empty (I created an empty file before running your command)
Am I doing something wrong...?
Do I need a restart to the Ubuntu...?
Is the directory from where I run the command important...? (I ran it from /var/log/)

Thanks,
Koby

Habitual 12-23-2015 11:57 AM

n/m.

kobygold 12-23-2015 12:57 PM

Hi Habitual,
Thanks, but can you be more specific...?
I don't understand what 'n/m' means.

Thanks,
Koby

hortageno 12-23-2015 02:22 PM

Remove the "~#" from the command. This was supposed to indicate that you need to run the command as root.

kobygold 12-23-2015 02:35 PM

Thank you very much guys, it worked!!

Two more small things:
1. I noticed that I can't read the syslog as a regular user, only as a SU.
I get "permission denied" error message.
Before deleting the file I was able to read it.
Can I change that?
2. Can I clear the content of the syslog once in a while without interfering with its process?
If yes, what is the command for doing that?

Thanks,
Koby

chrism01 12-23-2015 09:45 PM

Re 2; that's a job for logrotate - usually specified as /etc/logrotate.conf & /etc/logrotate.d/syslog (or similar)

kobygold 12-24-2015 03:38 AM

Thanks chrism01 for your answer!
I've read a bit about the 'logrotate' command, and understood that it can be used to clean/compress/mail the log automatically daily, weekly etc.

I found another command that cleans the log upon request, which is more the usage case I need. If anyone needs it here it is:
Code:

sudo bash -c ">/var/log/syslog"
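
Why deleting the file stopped the logging while truncating it with `>` does not, as an added example that is not part of the original thread. A constructed append-mode writer stands in for rsyslogd, and the temporary paths and the `demo` function name are assumptions.

```bash
#!/usr/bin/env bash
# Added example: a constructed writer stands in for rsyslogd; all paths are temporary.

# Hold a log file open in append mode (as a logging daemon does), apply an
# action to the path, write one more line through the old descriptor, and
# print the byte size of the file now found at that path.
demo() {  # $1 = "delete" or "truncate"
    local dir log size
    dir=$(mktemp -d) || return 1
    log="$dir/syslog"
    exec 9>>"$log"                  # long-lived append-mode descriptor
    echo "line before action" >&9
    case "$1" in
        delete)   rm -f "$log"; : > "$log" ;;   # unlink, then recreate an empty file
        truncate) : > "$log" ;;                 # same inode, length reset to 0
    esac
    echo "line after action" >&9    # the writer never reopened the path
    exec 9>&-
    size=$(wc -c < "$log")
    rm -rf "$dir"
    echo $((size))
}

# After delete + recreate the new file stays empty: the writer's descriptor
# still points at the unlinked inode until the writer reopens the path.
demo delete
# After truncation the same inode keeps receiving the writer's lines.
demo truncate
```
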

kobygold 12-24-2015 03:48 AM

Last question,
I still couldn't find a way to allow me to read the syslog without the 'sudo' command,
and I need it for some automation tools that don't have the SU permissions...

I've noticed that the file 'group' has changed from 'syslog adm' to 'syslog syslog',
and that seems to be the reason why I can't read it without the sudo.

'ls -la' shows the list below, where the first two files are accessible only using sudo, and last two are accessible regularly (without using sudo)
You can see that the last two have 'syslog adm' where the first two have 'syslog syslog'

Code:

-rw-r----- 1 syslog syslog 333974 Dec 24 11:01 syslog
-rw-r----- 1 syslog syslog 349785 Dec 24 07:55 syslog.1
-rw-r----- 1 syslog adm    682395 Dec 22 07:45 syslog.2.gz
-rw-r----- 1 syslog adm    127142 Dec 21 07:53 syslog.3.gz

Any idea how to change the groups from 'syslog syslog' to 'syslog adm'...?

Thanks,
Koby

hortageno 12-24-2015 05:48 AM

Quote:

Originally Posted by kobygold (Post 5468353)
Any idea how to change the groups from 'syslog syslog' to 'syslog adm'...?

Check /etc/rsyslog.conf. Mine has the following near the end

Code:

...
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
...


kobygold 12-24-2015 06:14 AM

Thanks hortageno,

My rsyslog.conf file looks similar to yours (see below).
Perhaps there's a difference at the PrivDropToUser & PrivDropToGroup properties...?
Can I simply edit and change this config file...?

Code:

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog


Habitual 12-24-2015 06:50 AM

Add yourself to adm group.

Code:

sudo usermod -aG adm kobygold

Change the group on /var/log/syslog file to adm

Code:

sudo chown syslog:adm /var/log/syslog

Kobygold needs to log out and back in to take effect.

Check kobygold groups in terminal using

Code:

groups $(whoami)

cat /var/log/syslog for output.
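
A check for the drift this thread ran into, where the log file's group no longer matches the `$FileGroup` set in rsyslog.conf, as an added example that is not part of the original posts. The function names `directive` and `check_log` are assumptions, the demo runs against constructed temporary files rather than the real /etc/rsyslog.conf and /var/log/syslog, and `stat -c` assumes GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example: compares a log file with rsyslog's legacy $File* directives.

# Print the last value given for a legacy directive such as $FileGroup.
directive() {  # $1 = config path, $2 = directive name without the '$'
    awk -v key="\$$2" '$1 == key { val = $2 } END { if (val != "") print val }' "$1"
}

# Compare owner, group and mode of a log file with what the config asks for.
# Prints one line per mismatch; returns 0 if everything matches, 1 otherwise.
check_log() {  # $1 = config path, $2 = log file path
    local conf=$1 log=$2 want_owner want_group want_mode owner group mode rc=0
    want_owner=$(directive "$conf" FileOwner)
    want_group=$(directive "$conf" FileGroup)
    want_mode=$(directive "$conf" FileCreateMode)
    want_mode=${want_mode#0}        # 0640 in the config is 640 in stat output
    read -r owner group mode <<EOF
$(stat -c '%U %G %a' "$log")
EOF
    [ "$owner" = "$want_owner" ] || { echo "owner: have $owner, want $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "group: have $group, want $want_group"; rc=1; }
    [ "$mode" = "$want_mode" ]   || { echo "mode: have $mode, want $want_mode"; rc=1; }
    return $rc
}

# Constructed demo: the directives quoted in the thread, checked against a
# temporary file owned by whoever runs the script (so drift is expected).
tmp=$(mktemp -d)
printf '%s\n' '$FileOwner syslog' '$FileGroup adm' '$FileCreateMode 0640' > "$tmp/rsyslog.conf"
: > "$tmp/syslog"
chmod 640 "$tmp/syslog"
check_log "$tmp/rsyslog.conf" "$tmp/syslog" || echo "drift found"
rm -rf "$tmp"
```
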

kobygold 12-24-2015 07:13 AM

Thanks Habitual!
It worked perfectly!
You're the man! :)


All times are GMT -5.