SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
A few days ago i needed to look at the syslogs (Slack 10) and i found that /var/log/syslog is empty. The syslogd is running and all other logs are updated but not syslog.
I tried removing the /var/log/syslog* files and restart the syslogd but all that happens is a new /var/log/syslog is created but it stays empty.
Now, i could use some help here but i don't really now what info i need to give. Please advise.
# /etc/syslog.conf
# For info about the format of this file, see "man syslog.conf"
# and /usr/doc/sysklogd/README.linux. Note the '-' prefixing some
# of these entries; this omits syncing the file after every logging.
# In the event of a crash, some log information might be lost, so
# if this is a concern to you then you might want to remove the '-'.
# Be advised this will cause a performation loss if you're using
# programs that do heavy logging.
# Uncomment this to see kernel messages on the console.
#kern.* /dev/console
# Log anything 'info' or higher, but lower than 'warn'.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
*.info;*.!warn;\
authpriv.none;cron.none;mail.none;news.none -/var/log/messages
# Log anything 'warn' or higher.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
*.warn;\
authpriv.none;cron.none;mail.none;news.none -/var/log/syslog
# Debugging information is logged here.
*.=debug -/var/log/debug
# Private authentication message logging:
authpriv.* -/var/log/secure
# Cron related logs:
cron.* -/var/log/cron
# Mail related logs:
mail.* -/var/log/maillog
# Emergency level messages go to all users:
*.emerg *
# This log is for news and uucp errors:
uucp,news.crit -/var/log/spooler
# Uncomment these if you'd like INN to keep logs on everything.
# You won't need this if you don't run INN (the InterNetNews daemon).
#news.=crit -/var/log/news/news.crit
#news.=err -/var/log/news/news.err
#news.notice -/var/log/news/news.notice
Quote:
Originally posted by gbonvehi Do you have /etc/rc.d/rc.syslog as executable? Check if klogd is running which is the daemon that sends messages to syslogd about kernel stuff.
sorry mate. this is weird. no idea what is going on.
the only thing that i would say is that you could try to restart the services:
klogd and syslogd.
if it does not work....
regards
slackie1000
Last edited by slackie1000; 04-15-2005 at 08:47 AM.
Distribution: Slackware 14 (Server),OpenSuse 13.2 (Laptop & Desktop),, OpenSuse 13.2 on the wifes lappy
Posts: 781
Rep:
You might want to look at your logrotate function. Make sure it's not set to something strange like rotate upon maximum size, or on bootup or shutdown etc.
Other than that, really no other ideas.
I suppose you could install webmin and use that to set up your logging facilities
Originally posted by vdemuth You might want to look at your logrotate function. Make sure it's not set to something strange like rotate upon maximum size, or on bootup or shutdown etc.
Other than that, really no other ideas.
I suppose you could install webmin and use that to set up your logging facilities
Logratation seems to be fine too, setup to rotate once a week, which actually happens too. All logs are rotated every week.
Now, some other issues with the server made us decide to upgrade the kernel to 2.6.11.7 today. We booted the server with the new kernel and now syslogging works as it should. On one hand OK, on the other a bit of a pity because now i still don't know what was the cause of this problem.
But there are a few problems that came up using the new kernel so we just might go back to the 2.4.26 kernel if we can't solve those new problems. When that's the case i guess i'll post back in this thread. Otherwise esac.
I do, however, stay curious to actually know what the cause of this problem is/was.
Thnx to everybody for the input ! Much appreciated!
Distribution: Slackware 10.2 kernel 2.6.13, Gentoo amd64, Some mish-mash of programs that started with slack 9.0
Posts: 165
Rep:
I had this problem when I inadvertently compiled in debugging on something and one of the files in /var/log got to 2G in size. If any file written by the syslog gets that big, no more logging.
Originally posted by eelriver I had this problem when I inadvertently compiled in debugging on something and one of the files in /var/log got to 2G in size. If any file written by the syslog gets that big, no more logging.
Yes, i've read that somewhere too. But the logs on the server are nowhere near that size, i'm afraid.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.