Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size
On Fri, Feb 13, 2009 at 11:09 AM, Frank Ling franklin...@yahoo.com wrote: Marcelo, I didn't see open file for /var/log/messages. Have a look at your /etc/syslog.conf -- Marcelo ¿No será acaso que ésta vida moderna está teniendo más de moderna que de vida? (Mafalda) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size
Here is my /etc/syslog.conf: ~ #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;*.!warn;authpriv.none;cron.nome;mail.none; -/var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.*;mail.!err-/var/log/maillog mail.err -/var/log/mail.err*.info;*.!warn;authpriv.none;cron.nome;mail.none; -/var/log/messages # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *..emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.*/var/log/boot.log # # INN # news.=crit/var/log/news/news.crit news.=err /var/log/news/news.err news.notice /var/log/news/news.notice *.warn;authpriv.none;cron.none;mail.none; -/var/log/syslog *.kern/var/log/kernel Frank From: Marcelo Roccasalva marcelo-cen...@irrigacion.gov.ar To: CentOS mailing list centos@centos.org Sent: Monday, February 16, 2009 5:59:35 AM Subject: Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size On Fri, Feb 13, 2009 at 11:09 AM, Frank Ling franklin...@yahoo.com wrote: Marcelo, I didn't see open file for /var/log/messages. Have a look at your /etc/syslog.conf -- Marcelo ¿No será acaso que ésta vida moderna está teniendo más de moderna que de vida? (Mafalda) ___ CentOS mailing list CentOS@centos.org http://lists..centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size
Frank Ling franklin...@yahoo.com *.info;*.!warn;authpriv.none;cron.nome;mail.none; -/var/log/messages I guess you alread tried to restart syslog. From the manpage: You may prefix each entry with the minus ‘‘-’’ sign to omit syncing the file after every logging. . . . Maybe try to remove the '-' and restart syslog... JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size
On Thu, Feb 12, 2009 at 11:02 PM, Frank Ling franklin...@yahoo.com wrote: Hi Marcelo, Thanks for the comment. I had SELinux disabled. Anyway I tried your trick, and it didn't work. Something must went wrong. Are the files opened?: # lsof /var/log/* Can you strace the [syslog] pid? -- Marcelo ¿No será acaso que ésta vida moderna está teniendo más de moderna que de vida? (Mafalda) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size
Marcelo, I didn't see open file for /var/log/messages. Here is the screen output: [r...@sun ~]# lsof /var/log/* COMMAND PID USER FD TYPE DEVICESIZE NODE NAME syslogd 2001 root1w REG8,6 25323 17653325 /var/log/secure syslogd 2001 root2w REG8,6 117544 17653330 /var/log/maillog syslogd 2001 root3w REG8,6 13674 17653414 /var/log/cron syslogd 2001 root4w REG8,6 0 17653337 /var/log/spooler syslogd 2001 root5w REG8,6 0 17653412 /var/log/boot.log syslogd 2001 root9w REG8,6 166980 17653308 /var/log/syslog acpid 2418 root1w REG8,6 10758 17653423 /var/log/acpid acpid 2418 root2w REG8,6 10758 17653423 /var/log/acpid python 3040 root3w REG8,6 1187439 17653317 /var/log/denyhosts python 3040 root5r REG8,6 25323 17653325 /var/log/secure [r...@sun ~]# ps aux | grep syslog root 2001 0.0 0.0 1720 604 ?Ss Feb12 0:00 syslogd -m 0 -r -x root 8249 0.0 0.0 3908 660 pts/0R+ 07:04 0:00 grep syslog = Frank From: Marcelo Roccasalva marcelo-cen...@irrigacion.gov.ar To: CentOS mailing list centos@centos.org Sent: Friday, February 13, 2009 5:35:51 AM Subject: Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size On Thu, Feb 12, 2009 at 11:02 PM, Frank Ling franklin...@yahoo.com wrote: Hi Marcelo, Thanks for the comment. I had SELinux disabled. Anyway I tried your trick, and it didn't work. Something must went wrong. Are the files opened?: # lsof /var/log/* Can you strace the [syslog] pid? -- Marcelo ¿No será acaso que ésta vida moderna está teniendo más de moderna que de vida? (Mafalda) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size
Hi Jay, Thanks for the response. I tried following command on both servers, and there was nothing coming out: restorecon -v /etc/services So the /etc/services file should be ok. Frank Ling From: Jay Leafey jay.lea...@mindless.com To: CentOS mailing list centos@centos.org Sent: Wednesday, February 11, 2009 9:40:30 PM Subject: Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size Frank Ling wrote: Hi, My both CentOS 5 servers have logging problems. Logs such as messages, boot.log, kernel, spooler, and tallylog in /var/log directory are all 0 size. The kernel is: Linux 2.6.18-92.1.22.el5 #1 SMP. Since the /var/log/messages contained no information it would be impossible to troubleshoot the problem. I am very sure both systems have not been hacked by others. Sincerely, Frank Ling -- -rw--- 1 root root 0 Feb 8 04:02 messages -rw--- 1 root root 0 Feb 3 11:04 messages.1 -rw--- 1 root root 0 Jan 25 04:02 messages.3 -rw--- 1 root root 0 Jan 11 04:03 messages.4 -rw--- 1 root root 10 Dec 27 13:00 messages.offset -rwx-- 1 root root 0 Feb 11 19:12 kernel -rwx-- 1 root root 0 Feb 11 16:53 kernel.1 -rwx-- 1 root root 0 Jan 25 04:02 kernel.3 -rwx-- 1 root root 0 Jan 11 04:03 kernel.4 -rw--- 1 root root 0 Feb 8 04:02 spooler -rw--- 1 root root 0 Feb 3 07:51 spooler.1 -rw--- 1 root root 0 Jan 25 04:02 spooler.3 -rw--- 1 root root 0 Jan 11 04:03 spooler.4 -rw--- 1 root root 0 Jun 24 2008 tallylog -- I've had something similar happen a couple of times after an update. In my case the /etc/services file got it's security context clobbered when some package tried to update it's contents. When logrotate ran, the syslog daemon couldn't open /etc/services because of the error and I ended up with a bunch of empty log files. The quickest way to check for this is the command: restorecon -v /etc/services If nothing prints out in response, that's not the problem. If it DOES, that might explain it. I have been checking the contexts occasionally to try and trap exactly when it happens. I use: restorecon -R -n -v /etc which walks through the entire /etc tree looking for contexts to change but just reports any exceptions. Just a thought! -- Jay Leafey - Memphis, TN jay.lea...@mindless.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size
On Thu, Feb 12, 2009 at 1:40 AM, Jay Leafey jay.lea...@mindless.com wrote: Frank Ling wrote: Hi, My both CentOS 5 servers have logging problems. Logs such as messages, boot.log, kernel, spooler, and tallylog in /var/log directory are all 0 size. [...] I've had something similar happen a couple of times after an update. In my case the /etc/services file got it's security context clobbered when some package tried to update it's contents. When logrotate ran, the syslog daemon couldn't open /etc/services because of the error and I ended up with a bunch of empty log files. Maybe /var/log context? restorecon -R -n -v /etc restorecon -R -n -v /var/log You can force a global relabel: touch /.autorelabel and then reboot... -- Marcelo ¿No será acaso que ésta vida moderna está teniendo más de moderna que de vida? (Mafalda) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size
Hi Marcelo, Thanks for the comment. I had SELinux disabled. Anyway I tried your trick, and it didn't work. Something must went wrong. Frank Maybe /var/log context? restorecon -R -n -v /etc restorecon -R -n -v /var/log You can force a global relabel: touch /.autorelabel and then reboot... -- Marcelo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] logs such as messages, boot.log, and kernel contained 0 size
Hi, My both CentOS 5 servers have logging problems. Logs such as messages, boot.log, kernel, spooler, and tallylog in /var/log directory are all 0 size. The kernel is: Linux 2.6.18-92.1.22.el5 #1 SMP. Since the /var/log/messages contained no information it would be impossible to troubleshoot the problem. I am very sure both systems have not been hacked by others. Sincerely, Frank Ling -- -rw--- 1 root root 0 Feb 8 04:02 messages -rw--- 1 root root 0 Feb 3 11:04 messages.1 -rw--- 1 root root 0 Jan 25 04:02 messages.3 -rw--- 1 root root 0 Jan 11 04:03 messages.4 -rw--- 1 root root 10 Dec 27 13:00 messages.offset -rwx-- 1 root root 0 Feb 11 19:12 kernel -rwx-- 1 root root 0 Feb 11 16:53 kernel.1 -rwx-- 1 root root 0 Jan 25 04:02 kernel.3 -rwx-- 1 root root 0 Jan 11 04:03 kernel.4 -rw--- 1 root root 0 Feb 8 04:02 spooler -rw--- 1 root root 0 Feb 3 07:51 spooler.1 -rw--- 1 root root 0 Jan 25 04:02 spooler.3 -rw--- 1 root root 0 Jan 11 04:03 spooler.4 -rw--- 1 root root 0 Jun 24 2008 tallylog -- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size
Frank Ling wrote: Hi, My both CentOS 5 servers have logging problems. Logs such as messages, boot.log, kernel, spooler, and tallylog in /var/log directory are all 0 size. The kernel is: Linux 2.6.18-92.1.22.el5 #1 SMP. Since the /var/log/messages contained no information it would be impossible to troubleshoot the problem. I am very sure both systems have not been hacked by others. Sincerely, Frank Ling -- -rw--- 1 root root 0 Feb 8 04:02 messages -rw--- 1 root root 0 Feb 3 11:04 messages.1 -rw--- 1 root root 0 Jan 25 04:02 messages.3 -rw--- 1 root root 0 Jan 11 04:03 messages.4 -rw--- 1 root root 10 Dec 27 13:00 messages.offset -rwx-- 1 root root 0 Feb 11 19:12 kernel -rwx-- 1 root root 0 Feb 11 16:53 kernel.1 -rwx-- 1 root root 0 Jan 25 04:02 kernel.3 -rwx-- 1 root root 0 Jan 11 04:03 kernel.4 -rw--- 1 root root 0 Feb 8 04:02 spooler -rw--- 1 root root 0 Feb 3 07:51 spooler.1 -rw--- 1 root root 0 Jan 25 04:02 spooler.3 -rw--- 1 root root 0 Jan 11 04:03 spooler.4 -rw--- 1 root root 0 Jun 24 2008 tallylog -- I've had something similar happen a couple of times after an update. In my case the /etc/services file got it's security context clobbered when some package tried to update it's contents. When logrotate ran, the syslog daemon couldn't open /etc/services because of the error and I ended up with a bunch of empty log files. The quickest way to check for this is the command: restorecon -v /etc/services If nothing prints out in response, that's not the problem. If it DOES, that might explain it. I have been checking the contexts occasionally to try and trap exactly when it happens. I use: restorecon -R -n -v /etc which walks through the entire /etc tree looking for contexts to change but just reports any exceptions. Just a thought! -- Jay Leafey - Memphis, TN jay.lea...@mindless.com smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
