Hmmm.... is rsyslog failing to write things to files? Apr 07 15:15:01 sochi rsyslogd[2023]: action 'action 6' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.co Apr 07 15:15:01 sochi rsyslogd[2023]: action 'action 6' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
I see a lot of stuff like that from rsyslog. syslog 2023 0.0 0.0 347096 5648 ? Ssl Apr06 0:08 /usr/sbin/rsyslogd -n $ ls -latr auth.log -rw-r----- 1 root adm 0 Jul 14 2014 auth.log How can a syslog user write to a root owned file? <insert mem gif of geometry confusion / does not compute> $ sudo chown syslog:adm /var/log/auth.log; sudo systemctl restart rsyslog Seems to fix things for me, and auth.log is getting entries... My guess is that /usr/lib/tmpfiles.d/00rsyslog.conf is incomplete? and that we need to override more permissions in it? In that case, it sounds like a bug in rsyslog, for not having right permissions specified in tmpfiles.d? ** Changed in: rsyslog (Ubuntu Bionic) Importance: Undecided => Critical ** Changed in: systemd (Ubuntu Bionic) Importance: Critical => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1761630 Title: journald takes over /dev/log in bionic, impacts usability of syslog querying To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1761630/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
