Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi, I've a busy CentOS 5.9 server which is hosting an IoT application server and Oracle database. The /var/log/messages is not logging any normal messages except some logs from Nagios nrpe plugin (This server being monitored by Nagios core).
nrpe[6565]: Error: Request packet type/version was invalid!
nrpe[6565]: Client request was invalid, bailing out...
when i restart any service (eg: crond, cups, sendmail, etc..), it is NOT captured in /var/log/messages.
We have one RHEL6 server running rsyslog by default but we also have it running syslog-ng to capture information from network devices. On that system /var/log/messages is open by rsyslog whereas on RHEL5/CentOS5 it was open by syslogd.
On that system the order we start the two different log daemons is important to get things locally logged different than those logged by syslog-ng.
Is it possible you're running both syslogd and rsyslog? Or any other logger? If so order may be important if you need both. Also it may just be you need to stop one and used chkconfig to prevent it from restarting after boot.
FYI: cron start is logged in /var/log/cron not messages. Similarly most mail activity is in /var/log/maillog. You may just be looking for info in the wrong logs.
P.S. CentOS5 is a binary compile from RHEL5 source. RHEL5 went EOL more than a year ago. There are no security or bug fixes for RHEL5 so there are none for CentOS5. You really ought to go to at least CentOS6 or better yet CentOS7 if possible.
It was syslogd running but for a testing I’ve installed rsyslog. Issue persists and I rolled it back to syslogd.
# lsof /var/log/messages
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
syslogd 30269 root 1w REG 253,0 218121 5304282 /var/log/messages
I found that it is not possible to start rsyslog while syslog is running. So I stopped syslog and started rsyslog.
Answer to cron and sendmail logging --> When I do a restart of these services, there are some logs writing to /var/log/messages (checked in another server). But these logs are not captured in this server (/var/log/messages or /var/log/cron).
Ex: # service crond restart
Redirecting to /bin/systemctl restart crond.service
# tail /var/log/messages
Mar 1 23:46:58 system02-DB2 systemd: Stopping Command Scheduler...
Mar 1 23:46:58 system02-DB2 systemd: Started Command Scheduler.
Mar 1 23:46:58 system02-DB2 systemd: Starting Command Scheduler...
Cron and sendmail core activities are captured in their respective log files.
I’m planning to upgrade the OS to CentOS 6 or 7. If it is fixed after upgrade, I’ll mark this post/thread as Resolved.
First RH 7.3 = ancient RedHat 7.3 version. Believe it or not some folks may still run that. RHEL 7.3 = more recent RedHat Enterprise Linux (RHEL7 being the latest RHEL and 7.3 being a subversion of that).
The way rsyslog gets setup on RHEL5/CentOS5 and the version would be different from that used on RHEL6/CentOS6 which in turn would be different than that on RHEL7/CentOS7.
On an old CentOS5 workstation rpm shows rsyslog version: rsyslog-3.22.1-7.el5
On the RHEL6 server rpm shows rsyslog version: rsyslog-5.8.10-8.el6.x86_64
On a RHEL7 workstation rpm shows rsyslog version: rsyslog-7.4.7-12.el7.x86_64
That shows the upstream version of rsyslog is signifcantly different on the 3 major RHEL/CentOS releases.
On the CentOS5 box the default /etc/rsyslog.conf file contains:
Code:
# Use traditional timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Provides kernel logging support (previously done by rklogd)
$ModLoad imklog
# Provides support for local system logging (e.g. via logger command)
$ModLoad imuxsock
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
On the other hand /etc/syslog.conf from that same system contains:
Code:
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
Also on RHEL5/CentOS5 /etc/sysconfig/rsyslog (and /etc/sysconfig/syslog) are used. (On RHEL6/CentOS6 the file exists but says OPTIONS are deprecated so doesn't really set any). The one from my CentOS5 contains:
Code:
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -rPortNumber Enables logging from remote machines. The listener will listen to the specified port.
# -x disables DNS lookups on messages recieved with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
# once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
I'm wondering if you're modifying /etc/syslog.conf rather than /etc/rsyslog.conf. Although the files are similar the init scripts on start show they use the file with same name as the logger. You may want to use the above files from CentOS5 for rsyslog to verify yours are correct. Note that I don't actually have rsyslog turned on (via chkconfig) on my CentOS5. I just installed the package to see what it gives. On that system I use the default syslog rather than rsyslog.
Last edited by MensaWater; 03-03-2018 at 08:51 AM.
Is what you just posted /etc/syslog.conf? /etc/rsyslog.conf? Something else?
Did you verify rsyslog has been stopped and syslog RE-started?
Did you run chkconfig to verify syslog is set to start on reboot and rsyslog isn't?
What you posted seems to be missing quite a bit from the default syslog.conf I posted. I suggest you do a line by line comparison and add missing lines to your file at a minimum.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.