:: Re: [DNG] Missing syslog: SOLVED
Etusivu
Poista viesti
Vastaa
Lähettäjä: Hendrik Boom
Päiväys:  
Vastaanottaja: dng
Vanhat otsikot: Re: [DNG] Missing syslog
Aihe: Re: [DNG] Missing syslog: SOLVED
On Wed, Jul 28, 2021 at 06:49:22PM +0900, Olaf Meeuwissen wrote:
> Hi Hendrik,
>
> Hendrik Boom writes:
>
> > On Tue, Jul 27, 2021 at 12:50:36PM -0400, tempforever wrote:
> >> Question: do you have /var mounted on a separate partition? I
> >> encountered some weird behavior when I attempted to do so. That is,
> >> there were files opened before the mount command was issued, resulting
> >> in some weird things like that.
> >
> > No. /var is in the root partition, just like /
> > and their file system is /dev/mapper/VG1-jessie--root
> > This partition is the root partition.
> >
> > /usr is a separate partition, /dev/VG1/jessie-usr
>
> Looks like you're using LVM for / and /usr. Okay, no problem.
>
> > And /boot is also separate, /dev/md2
>
> That looks like your third software RAID device. Not a problem either.
>
> >> Hendrik Boom wrote:
> >> > well, by syslog isn't exactly missing, but ...
> >> >
> >> > Today my server was mysteriously unresponsive; that is, ssh to its IP
> >> > address did not work.
> >> >
> >> > So I went over to it, and found the screen blanl.
> >> > I tried directly into its keyboard (and yes, at this point I had checked
> >> > that that power was on and the relevant cables were connected.
> >> > No luck.
> >> >
> >> > I finally rebooted it. (A convenience that's easy to do when it's
> >> > physically in your living room).
> >> >
> >> > It rebooted cleanly, recovered its file systems (quite easy 'cause the
> >> > ones I use are EXT4, although there is a Reiser filesystem lurking
> >> > somewhere too), and requested a login on its console screen.
> >> >
> >> > And after that, ssh'ing into it worked again.
> >> >
> >> > Now this has happened before, about a month ago.
> >> >
> >> > I decided to investigate and started by looking into /var/log/syslog.
> >> >
> >> > Which was full of entried from May, none from this month.
> >> > And yes, it knows the date is Tue Jul 27 12:19:45 EDT 2021.
> >> >
> >> > I did a ls -l on syslog*
> >> >
> >> > april:~# ls -l /var/log/syslog*
> >> > -rw-r----- 1 root adm 734459 May 17 2013 /var/log/syslog
> >> > -rw-r----- 1 root adm 1197017 May 17 2013 /var/log/syslog.0
> >> > -rw-r----- 1 root adm 79876 May 13 2013 /var/log/syslog.1.gz
> >> > -rw-r----- 1 root adm 127547 May 12 2013 /var/log/syslog.2.gz
> >> > -rw-r----- 1 root adm 51821 May 10 2013 /var/log/syslog.3.gz
> >> > -rw-r----- 1 root adm 44679 May 9 2013 /var/log/syslog.4.gz
> >> > -rw-r----- 1 root adm 46240 May 8 2013 /var/log/syslog.5.gz
> >> > -rw-r----- 1 root adm 41297 May 7 2013 /var/log/syslog.6.gz
> >> > april:~#
>
> When you say "full of entries from May", I assume you mean May 2013.


I mean May. The entries do not mention the year. I presume they are from 2013, since that is
consistent with the date on the file.
In any case, the entries cannot be current, because then they would be from July.

>
> >> > It looks like nothing has been written to syslog for the last eight
> >> > years!
>
> Silly question perhaps, but do you have a system-log-daemon installed?
>
> dpkg-query -W | grep syslog
>
> should tell you. The most likely one to be installed in rsyslog, IIRC.


Look like I don't!

april:~# dpkg-query -W | grep syslog
libparse-syslog-perl    1.10-2
april:~#


Guess it's time to install rsyslog.

>
> If you have, is it started at boot time *and* has it been configured to
> actually log anything? For rsyslog, in the default setup, the answer is
> yes for both of these questions.


And installing it as a package should give me that default set-up.

>
> >> > And in all that time I hadn't noticed.
> >> >
> >> > It is still running ascii, by the way. I'm pretty sure ascii wasn't
> >> > around yet in 2013, back when I was still running Debian.
>
> That seems to imply you migrated from Debian to Devuan.
> When you migrated, was there anything that might have prevented your
> system from keeping a daemon that processes log messages?
>
> >> > So why no system log?
>
> Maybe your Debian setup only had systemd installed, no rsyslog, and
> when you migrated, no system-log-daemon was found to be needed?


I did not have systemd installed. I migrated in the time of Jessie,
before systemd became hard to avoid.
I'm not sure, but I think I even migrated by upgrading from the
previous Debian release directy to Devuan Jessie.

>
> >> > And, while I'm asking anyway, why no /var/log/mail* since 2013 either?


>
> Does you system have a running SMTP daemon that gets to process any
> mail?


Yes. Postfix. It's the one that accepted your message just now.

Has it been configured to log anything? Does your syslogger
> spit those log messages into /var/log/mail*?


Since the mail log stopped at the same time as the syslog, maybe it
also needs syslog.

I just installed rsyslog, and I'm getting syslog entries again.

Do I also need the other related packages like rsyslog-czmq,
rsyslog-elasticsearch, rsyslog-gnutls, rsyslog-gssapi, rsyslog-hiredis,
rsyslog-kafka, rsyslog-mongodb, rsyslog-mysql, rsyslog-pgsql, and
rsyslog-relp?

And the mail log is geting entries as well. And a lot of other logs.
Some logs don't seem to need the logging demon:
alternatives
aptitude
dpkg
mediatomb
messages
pm-powersave
popularity-contest

and some did:
auth
daemon
debug
dmesg
kern.log
mail.log
messages
syslog


Thank you.

-- hendrik

>
> >> > What has changed?
> >> > What might have changed?
>
> Just shooting in the dark ;-)
> --
> Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27
>  GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
>  Support Free Software                        https://my.fsf.org/donate
>  Join the Free Software Foundation              https://my.fsf.org/join