Hey Cirman,
How do you understand that the
security log has stopped? Do you see something in your other logs that syslog has stopped?
Also you mention that the other logs are running properly. That means syslog looks to be running properly.Where are you looking to confirm this?
Please post the output of the following commands here:
Code:
who -r
cat /etc/syslog.conf
ps aux | grep syslog
chkconfig --list | grep syslog
By default I believe a lot of the security logs get logged to /var/log/secure. So each time say you log in to your box you should get a line in /var/log/secure , something like this:
Code:
[root@snort log]# grep secure /etc/syslog.conf
authpriv.* /var/log/secure
[root@snort log]# grep secure /etc/syslog.conf
authpriv.* /var/log/secure
[root@snort log]# ll /var/log/secure*
-rw------- 1 root root 98 Feb 10 12:19 /var/log/secure
-rw------- 1 root root 192 Feb 3 17:49 /var/log/secure.1
-rw------- 1 root root 982 Jan 27 18:14 /var/log/secure.2
-rw------- 1 root root 175 Jan 20 12:51 /var/log/secure.3
-rw------- 1 root root 0 Jan 7 04:02 /var/log/secure.4
[root@snort log]# cat /var/log/secure
Feb 10 12:19:15 snort sshd[27158]: Accepted password for root from 10.41.42.192 port 1482 ssh2
[root@snort log]#
Are you getting anything like this? If not you might want to try and restart syslog from the command line using:
Code:
service syslog restart
and see if that helps.
Post back if you're still having problems.
Cheers
Arvind
