Friday, April 6, 2012

No entries in /var/log/messages

Since our monitoring script notified us that one of our domains wasn't responding for a few minutes last time, I checked all files in /var/log on the server hosting this domain. Unfortunately I couldn't find anything since /var/log/messages was actually not being written to.

My first thought was to check whether syslog-ng was running:

# ps aux | grep syslog-ng | grep -v grep
root 915 0.0 0.0 6156 612 ? Ss 22:30 0:00 /sbin/syslog-ng

So it is running.

# /etc/init.d/syslog restart
Shutting down syslog services done
Starting syslog services done

Restarting it also works.

# /etc/init.d/syslog status
Checking for service syslog: running


Everything looks fine... Except that /var/log/messages is not being written to...

Re-running SuSEconfig and restarting it didn't help either:

# SuSEconfig --module syslog-ng
Starting SuSEconfig, the SuSE Configuration Tool...
Running module syslog-ng only
Reading /etc/sysconfig and updating the system...
Executing /sbin/conf.d/SuSEconfig.syslog-ng...
Finished.
# rcsyslog restart
Shutting down syslog services done
Starting syslog services done


Then I thought deleting /var/log/messages might help:

# /etc/init.d/syslog stop
# rm /var/log/messages
# touch /var/log/messages
# /etc/init.d/syslog start


But no changes... Then I tried to trigger the writing of an entry just to make sure that the problem is not that nobody actually writes log entries which should go to /var/log/messages:

# logger -i "New log entry created to check whether it will really be written to disk"

No error message, no trace of this entry anywhere...

So it has to be something in the configuration... So I open /etc/syslog-ng/syslog-ng.conf.in, search for /var/log/messages and find the following lines:

#
# All messages except iptables and the facilities news and mail:
#
destination messages { file("/var/log/messages"); };
log { source(src); filter(f_messages); filter(f_mailwarn); destination(messages); };


There it is! "filter(f_mailwarn);" is causing the problem. So I removed it, re-ran SuSEconfig, restarted syslog-ng and sent a log message:

# SuSEconfig --module syslog-ng
Starting SuSEconfig, the SuSE Configuration Tool...
Running module syslog-ng only
Reading /etc/sysconfig and updating the system...
Executing /sbin/conf.d/SuSEconfig.syslog-ng...
Finished.
# rcsyslog restart
Shutting down syslog services done
Starting syslog services done
# logger -i "New log entry created to check whether it will really be written to disk"

And there it is:

# grep "New log entry created" /var/log/messages
Apr 6 22:48:53 xxx root[1707]: New log entry created to check whether it will really be written to disk
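
An added example, not part of the original post: syslog-ng only delivers a message that passes every filter() listed in a log statement, so the path quoted above accepted only messages matching both f_messages and f_mailwarn. The script below flags such chained-filter log paths in a config file. The function names and the sample config (the two lines quoted above plus a hypothetical single-filter path) are assumptions made for illustration.

```shell
#!/bin/sh
# Report syslog-ng log paths that chain more than one filter() reference.
# All filters in one log path are ANDed, so a message must pass each of them.

# find_chained_filters FILE
# Prints one line per flagged log path: "<destinations>: <filters>"
find_chained_filters() {
    # Drop comments (assumes no "#" inside quoted strings), then join the
    # file into one line so multi-line log statements are handled too.
    sed 's/#.*//' "$1" | tr '\n' ' ' |
    awk '{
        rest = $0
        # Walk every "log { ... }" statement (no nested braces assumed).
        while (match(rest, /(^|[^A-Za-z0-9_])log[ \t]*[{][^}]*[}]/)) {
            stmt = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            filters = collect(stmt, "filter")
            if (split(filters, tmp, ",") > 1)
                print collect(stmt, "destination") ": " filters
        }
    }
    # Return the comma-separated names from every key(name) found in stmt.
    function collect(stmt, key,    out, s, name) {
        out = ""; s = stmt
        while (match(s, key "[ \t]*[(][^)]*[)]")) {
            name = substr(s, RSTART, RLENGTH)
            s = substr(s, RSTART + RLENGTH)
            sub(/^[^(]*[(]/, "", name); sub(/[)]$/, "", name)
            out = (out == "" ? name : out "," name)
        }
        return out
    }'
}

# Constructed sample config: the two lines from the post plus one
# hypothetical log path that uses a single filter.
sample_conf() {
    cat <<'EOF'
# All messages except iptables and the facilities news and mail:
destination messages { file("/var/log/messages"); };
log { source(src); filter(f_messages); filter(f_mailwarn); destination(messages); };
destination warn { file("/var/log/warn"); };
log { source(src); filter(f_warn); destination(warn); };
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp" && find_chained_filters "$tmp"; rm -f "$tmp"
```

A flagged path is not necessarily wrong, but each one deserves the same logger test used above to confirm that messages still reach the destination.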
