Re: [CentOS] rsyslog does not log on a separate partition/FS mounted on /var/log/
SOLVED On Wed, Aug 6, 2014 at 10:28 PM, James A. Peltier jpelt...@sfu.ca wrote: - Original Message - | On Wed, Aug 06, 2014 at 04:50:41PM +, Tony Mountifield wrote: | | Probably rsyslog is being started before /var/log is mounted, and | so it | is opening files within /var/log on the root device. | | rsyslog should start after local mounts are finished. | | I suspect it's selinux; /var/log should have a var_log_t context | and I | suspect it doesn't. running a restorecon -vv on /var/log should correct that automatically I would think. I had suspected SElinux and have it disabled still rsyslogd was not logging on the new device mounted on /var/log/ *** restorecon -vv /var/log does the trick! *** @ James A. Peltier Thank you! FWIW - here are the steps 1. service rsyslog stop 2. mount new var log device /mnt/ 3. rsync -aP /var/log/ /mnt/ 4. rm -fr /var/log/* 5. umount /mnt 6. mount new var log device /var/log/ (also make change to /etc/fstab) 7. restorecon -vv /var/logthe solution 8. service rsyslog start. 9. logger this is a test 10. tail /var/log/messages to verify that indeed the logger string was logged. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsyslog does not log on a separate partition/FS mounted on /var/log/
On 08/07/2014 05:48 AM, Arun Khan wrote: SOLVED On Wed, Aug 6, 2014 at 10:28 PM, James A. Peltier jpelt...@sfu.ca wrote: - Original Message - | On Wed, Aug 06, 2014 at 04:50:41PM +, Tony Mountifield wrote: | | Probably rsyslog is being started before /var/log is mounted, and | so it | is opening files within /var/log on the root device. | | rsyslog should start after local mounts are finished. | | I suspect it's selinux; /var/log should have a var_log_t context | and I | suspect it doesn't. running a restorecon -vv on /var/log should correct that automatically I would think. I had suspected SElinux and have it disabled still rsyslogd was not logging on the new device mounted on /var/log/ *** restorecon -vv /var/log does the trick! *** @ James A. Peltier Thank you! FWIW - here are the steps 1. service rsyslog stop 2. mount new var log device /mnt/ 3. rsync -aP /var/log/ /mnt/ 4. rm -fr /var/log/* 5. umount /mnt 6. mount new var log device /var/log/ (also make change to /etc/fstab) 7. restorecon -vv /var/logthe solution 8. service rsyslog start. 9. logger this is a test 10. tail /var/log/messages to verify that indeed the logger string was logged. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos If restorecon fixes the problem, then you never disabled SELinux If you untar files into a location, you should always run restorecon on the directory to fix the SELinux labels. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] rsyslog does not log on a separate partition/FS mounted on /var/log/
The system is an AWS Instance based on a community CentOS 6.4 AMI snapshot. The vdisk is as follows as shown below [1] The root LVM contains /var/log/ I have attached another block device with ext4 FS. I copied the files from /var/log to this device (mounted on /mnt) and then changed /etc/fstab to mount this device on /var/log on boot. However, I do not see anything being logged in /var/log/messages. To test the logging, I used the 'logger' command to log some string; nothing appears in /var/log/messages. 'service rsyslog status' reports the daemon is running. When I stop rsyslog, umount the /var/log device and then restart rsyslog, I can see that logs are being recorded in /var/log/messages. Using the 'logger' command I can see messages written in /var/log/messages. man pages of ryslog.conf and rsyslogd show nothing related to logs being on a separate device Any pointers to fix the problem would be much appreciated. [1] Disk /dev/xvda: 8589 MB, 8589934592 bytes Device Boot Start End Blocks Id System /dev/xvda1 * 1 64 512000 83 Linux /dev/xvda2 641045 7875584 8e Linux LVM Disk /dev/mapper/VolGroup-lv_root: 7205 MB, 7205814272 bytes Disk /dev/mapper/VolGroup-lv_swap: 855 MB, 855638016 bytes -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsyslog does not log on a separate partition/FS mounted on /var/log/
In article cahhm8gd+hfduyy7uah3kx2h37ca5fdbbwtjwyckv9tp3_4n...@mail.gmail.com, Arun Khan knu...@gmail.com wrote: The system is an AWS Instance based on a community CentOS 6.4 AMI snapshot. The vdisk is as follows as shown below [1] The root LVM contains /var/log/ I have attached another block device with ext4 FS. I copied the files from /var/log to this device (mounted on /mnt) and then changed /etc/fstab to mount this device on /var/log on boot. However, I do not see anything being logged in /var/log/messages. To test the logging, I used the 'logger' command to log some string; nothing appears in /var/log/messages. 'service rsyslog status' reports the daemon is running. When I stop rsyslog, umount the /var/log device and then restart rsyslog, I can see that logs are being recorded in /var/log/messages. Using the 'logger' command I can see messages written in /var/log/messages. man pages of ryslog.conf and rsyslogd show nothing related to logs being on a separate device Any pointers to fix the problem would be much appreciated. Probably rsyslog is being started before /var/log is mounted, and so it is opening files within /var/log on the root device. When the second device gets mounted on /var/log, the files within the original /var/log are no longer visible, but rsyslog still has open handles to them. You need to arrange for rsyslog to get restarted or HUPed after the mounting of /var/log. Cheers Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsyslog does not log on a separate partition/FS mounted on /var/log/
On Wed, Aug 06, 2014 at 04:50:41PM +, Tony Mountifield wrote: Probably rsyslog is being started before /var/log is mounted, and so it is opening files within /var/log on the root device. rsyslog should start after local mounts are finished. I suspect it's selinux; /var/log should have a var_log_t context and I suspect it doesn't. John -- The most valuable thing you can make is a mistake - you can't learn anything from being perfect. -- Adam Osborne (1939-2003), American entrepreneur pgpl7lAYqgMYd.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsyslog does not log on a separate partition/FS mounted on /var/log/
- Original Message - | On Wed, Aug 06, 2014 at 04:50:41PM +, Tony Mountifield wrote: | | Probably rsyslog is being started before /var/log is mounted, and | so it | is opening files within /var/log on the root device. | | rsyslog should start after local mounts are finished. | | I suspect it's selinux; /var/log should have a var_log_t context | and I | suspect it doesn't. running a restorecon -vv on /var/log should correct that automatically I would think. -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices To be original seek your inspiration from unexpected sources. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsyslog does not log on a separate partition/FS mounted on /var/log/
In article 20140806165735.gd10...@frodo.gerdesas.com, John R. Dennison j...@gerdesas.com wrote: On Wed, Aug 06, 2014 at 04:50:41PM +, Tony Mountifield wrote: Probably rsyslog is being started before /var/log is mounted, and so it is opening files within /var/log on the root device. rsyslog should start after local mounts are finished. Ah, ok, thanks. I hadn't actually gone and looked... I suspect it's selinux; /var/log should have a var_log_t context and I suspect it doesn't. Be interesting to know if that fixes it for the OP. Cheers Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsyslog does not log on a separate partition/FS mounted on /var/log/
On 2014-08-06, John R. Dennison j...@gerdesas.com wrote: On Wed, Aug 06, 2014 at 04:50:41PM +, Tony Mountifield wrote: Probably rsyslog is being started before /var/log is mounted, and so it is opening files within /var/log on the root device. rsyslog should start after local mounts are finished. I suspect it's selinux; /var/log should have a var_log_t context and I suspect it doesn't. But would that explain why, when the OP umounts /var/log, the latest logs have been written to /var/log/messages on the / filesystem? It certainly can't hurt to check both cases: make sure rsyslog is starting after the proper filesystem with /var/log is mounted, and check the selinux contexts to make sure they're correct. --keith -- kkel...@wombat.san-francisco.ca.us ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsyslog does not log on a separate partition/FS mounted on /var/log/
On Wed, Aug 06, 2014 at 10:20:38AM -0700, Keith Keller wrote: It certainly can't hurt to check both cases: make sure rsyslog is starting after the proper filesystem with /var/log is mounted, and check the selinux contexts to make sure they're correct. rsyslog is started with a start priority of 12; long after /etc/rc.d/rc.sysinit finished mounting local filesystems. Syslog's initial ring-buffer is dumped nearly at the end of sysinit so that should be getting dumped to the newly-mounted /var/log as well. Kind of curious as to why that is not happening. John -- When you've driven race cars, and when you've jumped out of airplanes, cars are on fire, when you've been upside down at two hundred miles per hour waiting for your head to hit the ground, when you've been in Africa with a wounded Cape buffalo six feet in front of you, chargin' ya, I'll let someone else decide what the most dangerous thing I've ever done is. -- Carroll Shelby (11 January 1912 - 10 May 2012) American automotive designer, racing driver, and entrepreneur pgp1JDx7QuYdH.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
