:: Re: [DNG] Missing syslog
トップ ページ
このメッセージを削除
このメッセージに返信
著者: Olaf Meeuwissen
日付:  
To: Hendrik Boom
CC: dng
新しいトピック: Re: [DNG] Missing syslog: SOLVED
題目: Re: [DNG] Missing syslog
Hi Hendrik,

Hendrik Boom writes:

> On Tue, Jul 27, 2021 at 12:50:36PM -0400, tempforever wrote:
>> Question: do you have /var mounted on a separate partition? I
>> encountered some weird behavior when I attempted to do so. That is,
>> there were files opened before the mount command was issued, resulting
>> in some weird things like that.
>
> No. /var is in the root partition, just like /
> and their file system is /dev/mapper/VG1-jessie--root
> This partition is the root partition.
>
> /usr is a separate partition, /dev/VG1/jessie-usr


Looks like you're using LVM for / and /usr. Okay, no problem.

> And /boot is also separate, /dev/md2


That looks like your third software RAID device. Not a problem either.

>> Hendrik Boom wrote:
>> > well, by syslog isn't exactly missing, but ...
>> >
>> > Today my server was mysteriously unresponsive; that is, ssh to its IP
>> > address did not work.
>> >
>> > So I went over to it, and found the screen blanl.
>> > I tried directly into its keyboard (and yes, at this point I had checked
>> > that that power was on and the relevant cables were connected.
>> > No luck.
>> >
>> > I finally rebooted it. (A convenience that's easy to do when it's
>> > physically in your living room).
>> >
>> > It rebooted cleanly, recovered its file systems (quite easy 'cause the
>> > ones I use are EXT4, although there is a Reiser filesystem lurking
>> > somewhere too), and requested a login on its console screen.
>> >
>> > And after that, ssh'ing into it worked again.
>> >
>> > Now this has happened before, about a month ago.
>> >
>> > I decided to investigate and started by looking into /var/log/syslog.
>> >
>> > Which was full of entried from May, none from this month.
>> > And yes, it knows the date is Tue Jul 27 12:19:45 EDT 2021.
>> >
>> > I did a ls -l on syslog*
>> >
>> > april:~# ls -l /var/log/syslog*
>> > -rw-r----- 1 root adm 734459 May 17 2013 /var/log/syslog
>> > -rw-r----- 1 root adm 1197017 May 17 2013 /var/log/syslog.0
>> > -rw-r----- 1 root adm 79876 May 13 2013 /var/log/syslog.1.gz
>> > -rw-r----- 1 root adm 127547 May 12 2013 /var/log/syslog.2.gz
>> > -rw-r----- 1 root adm 51821 May 10 2013 /var/log/syslog.3.gz
>> > -rw-r----- 1 root adm 44679 May 9 2013 /var/log/syslog.4.gz
>> > -rw-r----- 1 root adm 46240 May 8 2013 /var/log/syslog.5.gz
>> > -rw-r----- 1 root adm 41297 May 7 2013 /var/log/syslog.6.gz
>> > april:~#


When you say "full of entries from May", I assume you mean May 2013.

>> > It looks like nothing has been written to syslog for the last eight
>> > years!


Silly question perhaps, but do you have a system-log-daemon installed?

dpkg-query -W | grep syslog

should tell you. The most likely one to be installed in rsyslog, IIRC.

If you have, is it started at boot time *and* has it been configured to
actually log anything? For rsyslog, in the default setup, the answer is
yes for both of these questions.

>> > And in all that time I hadn't noticed.
>> >
>> > It is still running ascii, by the way. I'm pretty sure ascii wasn't
>> > around yet in 2013, back when I was still running Debian.


That seems to imply you migrated from Debian to Devuan.
When you migrated, was there anything that might have prevented your
system from keeping a daemon that processes log messages?

>> > So why no system log?


Maybe your Debian setup only had systemd installed, no rsyslog, and
when you migrated, no system-log-daemon was found to be needed?

>> > And, while I'm asking anyway, why no /var/log/mail* since 2013 either?


Does you system have a running SMTP daemon that gets to process any
mail? Has it been configured to log anything? Does your syslogger
spit those log messages into /var/log/mail*?

>> > What has changed?
>> > What might have changed?


Just shooting in the dark ;-)
--
Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Software                        https://my.fsf.org/donate
 Join the Free Software Foundation              https://my.fsf.org/join