On Wed, Jul 28, 2021 at 06:49:22PM +0900, Olaf Meeuwissen wrote: > Hi Hendrik, > > Hendrik Boom writes: > > > On Tue, Jul 27, 2021 at 12:50:36PM -0400, tempforever wrote: > >> Question: do you have /var mounted on a separate partition? I > >> encountered some weird behavior when I attempted to do so. That is, > >> there were files opened before the mount command was issued, resulting > >> in some weird things like that. > > > > No. /var is in the root partition, just like / > > and their file system is /dev/mapper/VG1-jessie--root > > This partition is the root partition. > > > > /usr is a separate partition, /dev/VG1/jessie-usr > > Looks like you're using LVM for / and /usr. Okay, no problem. > > > And /boot is also separate, /dev/md2 > > That looks like your third software RAID device. Not a problem either. > > >> Hendrik Boom wrote: > >> > well, by syslog isn't exactly missing, but ... > >> > > >> > Today my server was mysteriously unresponsive; that is, ssh to its IP > >> > address did not work. > >> > > >> > So I went over to it, and found the screen blanl. > >> > I tried directly into its keyboard (and yes, at this point I had checked > >> > that that power was on and the relevant cables were connected. > >> > No luck. > >> > > >> > I finally rebooted it. (A convenience that's easy to do when it's > >> > physically in your living room). > >> > > >> > It rebooted cleanly, recovered its file systems (quite easy 'cause the > >> > ones I use are EXT4, although there is a Reiser filesystem lurking > >> > somewhere too), and requested a login on its console screen. > >> > > >> > And after that, ssh'ing into it worked again. > >> > > >> > Now this has happened before, about a month ago. > >> > > >> > I decided to investigate and started by looking into /var/log/syslog. > >> > > >> > Which was full of entried from May, none from this month. > >> > And yes, it knows the date is Tue Jul 27 12:19:45 EDT 2021. > >> > > >> > I did a ls -l on syslog* > >> > > >> > april:~# ls -l /var/log/syslog* > >> > -rw-r----- 1 root adm 734459 May 17 2013 /var/log/syslog > >> > -rw-r----- 1 root adm 1197017 May 17 2013 /var/log/syslog.0 > >> > -rw-r----- 1 root adm 79876 May 13 2013 /var/log/syslog.1.gz > >> > -rw-r----- 1 root adm 127547 May 12 2013 /var/log/syslog.2.gz > >> > -rw-r----- 1 root adm 51821 May 10 2013 /var/log/syslog.3.gz > >> > -rw-r----- 1 root adm 44679 May 9 2013 /var/log/syslog.4.gz > >> > -rw-r----- 1 root adm 46240 May 8 2013 /var/log/syslog.5.gz > >> > -rw-r----- 1 root adm 41297 May 7 2013 /var/log/syslog.6.gz > >> > april:~# > > When you say "full of entries from May", I assume you mean May 2013.
I mean May. The entries do not mention the year. I presume they are from 2013, since that is consistent with the date on the file. In any case, the entries cannot be current, because then they would be from July. > > >> > It looks like nothing has been written to syslog for the last eight > >> > years! > > Silly question perhaps, but do you have a system-log-daemon installed? > > dpkg-query -W | grep syslog > > should tell you. The most likely one to be installed in rsyslog, IIRC. Look like I don't! april:~# dpkg-query -W | grep syslog libparse-syslog-perl 1.10-2 april:~# Guess it's time to install rsyslog. > > If you have, is it started at boot time *and* has it been configured to > actually log anything? For rsyslog, in the default setup, the answer is > yes for both of these questions. And installing it as a package should give me that default set-up. > > >> > And in all that time I hadn't noticed. > >> > > >> > It is still running ascii, by the way. I'm pretty sure ascii wasn't > >> > around yet in 2013, back when I was still running Debian. > > That seems to imply you migrated from Debian to Devuan. > When you migrated, was there anything that might have prevented your > system from keeping a daemon that processes log messages? > > >> > So why no system log? > > Maybe your Debian setup only had systemd installed, no rsyslog, and > when you migrated, no system-log-daemon was found to be needed? I did not have systemd installed. I migrated in the time of Jessie, before systemd became hard to avoid. I'm not sure, but I think I even migrated by upgrading from the previous Debian release directy to Devuan Jessie. > > >> > And, while I'm asking anyway, why no /var/log/mail* since 2013 either? > > Does you system have a running SMTP daemon that gets to process any > mail? Yes. Postfix. It's the one that accepted your message just now. Has it been configured to log anything? Does your syslogger > spit those log messages into /var/log/mail*? Since the mail log stopped at the same time as the syslog, maybe it also needs syslog. I just installed rsyslog, and I'm getting syslog entries again. Do I also need the other related packages like rsyslog-czmq, rsyslog-elasticsearch, rsyslog-gnutls, rsyslog-gssapi, rsyslog-hiredis, rsyslog-kafka, rsyslog-mongodb, rsyslog-mysql, rsyslog-pgsql, and rsyslog-relp? And the mail log is geting entries as well. And a lot of other logs. Some logs don't seem to need the logging demon: alternatives aptitude dpkg mediatomb messages pm-powersave popularity-contest and some did: auth daemon debug dmesg kern.log mail.log messages syslog Thank you. -- hendrik > > >> > What has changed? > >> > What might have changed? > > Just shooting in the dark ;-) > -- > Olaf Meeuwissen, LPIC-2 FSF Associate Member since 2004-01-27 > GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9 > Support Free Software https://my.fsf.org/donate > Join the Free Software Foundation https://my.fsf.org/join _______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
