Look at line: 32697 - That is the LAST line of debug as the system booted up.
Now, look at the next line: 32698 - That is the first line after the sysadmin pressed Enter after typing "reboot." I don't understand the time encoding prior to the first colon (:) of each line; but, this host was up for ten (10) minutes or more before backing out of the update patches and reboot. How can I provide missing messages, when they are missing? The only way to get to this host is via SSH. During the period of the debug log, another sysadmin and I logged onto that host at least three (3) times each - not one write to /var/log/secure !?!? Yes, there are /var/log/* writes up until the system fully booted - then nothing - until sysadmin pressed Enter, more than ten (10) minutes later. The ONLY /var/log/ files to get written to during that period were /var/log/lastlog and /var/log/wtmp - NOT one other log was written to in more than ten (10) minutes ... Please, advise. Thank you. ~ Mike On Thu, Oct 19, 2017 at 12:32 PM, Rainer Gerhards <rgerha...@hq.adiscon.com> wrote: > 2017-10-19 16:14 GMT+02:00 Mike Schleif <mike+rsys...@mdsresource.net>: > > Rainer, > > > > Debug attached. Full reboot follows each update and roll back. > > > > It looks like nothing under /var/log/ gets written to after reboot > > complete, except lastlog and wtmp. > > mmhhh... I see at least writes to > > /var/log/messages: > Reg/w0 : strm 0x7f81fc005290: stream.c: opened file > '/var/log/messages' for WRITE as 12 > Reg/w0 : strm 0x7f81fc005290: stream.c: file 12 write wrote 4041 bytes > > from the embedded pstats, I see that no other action received > messages. So far, everything looks ok. > > Can you point me to a specific message that you think is missing? I > could then try to follow its flow inside the debug log. > > Rainer > > > > Event rsyslog-stats is not written to after boot complete. > > > > Please, advise. Thank you. > > > > ~ Mike > > > > > > On Wed, Oct 18, 2017 at 10:43 AM, Rainer Gerhards < > rgerha...@hq.adiscon.com> > > wrote: > > > >> Do you mean some logs were written to and some not? > >> > >> If so, I need a Debug log to diagnose what is going on. > >> > >> Rainer > >> > >> Sent from phone, thus brief. > >> > >> Am 18.10.2017 17:36 schrieb "Mike Schleif" < > mike+rsys...@mdsresource.net>: > >> > >> > # cat /etc/centos-release > >> > CentOS Linux release 7.4.1708 (Core) > >> > > >> > > >> > After yum updates yesterday (see below,) several logs no longer > logged, > >> > including /var/log/secure > >> > > >> > In the last hour, we rolled back that entire yum update, and logging > >> > appears to be as expected > >> > > >> > Please, advise. Thank you. > >> > > >> > ~ Mike > >> > > >> > > >> > # yum history info 62 > >> > Loaded plugins: fastestmirror > >> > Transaction ID : 62 > >> > Begin time : Tue Oct 17 07:42:51 2017 > >> > Begin rpmdb : 597:442a35918ca922c515d3f9bbc38cb3733341358a > >> > End time : 07:43:00 2017 (9 seconds) > >> > End rpmdb : 597:f817c423ae76bafaafaab823cfca6d4030e069f0 > >> > User : Jeffrey Reed <jreed> > >> > Return-Code : Success > >> > Command Line : update > >> > Transaction performed with: > >> > Installed rpm-4.11.3-25.el7.x86_64 @base > >> > Installed yum-3.4.3-154.el7.centos.noarch @base > >> > Installed yum-plugin-fastestmirror-1.1.31-42.el7.noarch @base > >> > Packages Altered: > >> > Updated epel-release-7-10.noarch @epel > >> > Update 7-11.noarch @epel-testing > >> > Updated libfastjson4-0.99.5-1.el7.x86_64 @rsyslog_v8 > >> > Update 0.99.7-1.el7.x86_64 @rsyslog_v8 > >> > Updated mysql-community-client-5.6.37-2.el7.x86_64 > >> @mysql56-community > >> > Update 5.6.38-2.el7.x86_64 > @mysql56-community > >> > Updated mysql-community-common-5.6.37-2.el7.x86_64 > >> @mysql56-community > >> > Update 5.6.38-2.el7.x86_64 > @mysql56-community > >> > Updated mysql-community-libs-5.6.37-2.el7.x86_64 > >> @mysql56-community > >> > Update 5.6.38-2.el7.x86_64 > @mysql56-community > >> > Updated rsyslog-8.29.0-2.el7.x86_64 @rsyslog_v8 > >> > Update 8.30.0-1.el7.x86_64 @rsyslog_v8 > >> > Updated rsyslog-mysql-8.29.0-2.el7.x86_64 @rsyslog_v8 > >> > Update 8.30.0-1.el7.x86_64 @rsyslog_v8 > >> > history info > >> > _______________________________________________ > >> > rsyslog mailing list > >> > http://lists.adiscon.net/mailman/listinfo/rsyslog > >> > http://www.rsyslog.com/professional-services/ > >> > What's up with rsyslog? Follow https://twitter.com/rgerhards > >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad > >> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > >> > DON'T LIKE THAT. > >> > > >> _______________________________________________ > >> rsyslog mailing list > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com/professional-services/ > >> What's up with rsyslog? Follow https://twitter.com/rgerhards > >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > >> DON'T LIKE THAT. > >> > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.