:: Re: [DNG] Missing syslog: SOLVED
Etusivu
Poista viesti
Vastaa
Lähettäjä: Olaf Meeuwissen
Päiväys:  
Vastaanottaja: Hendrik Boom
Kopio: dng
Aihe: Re: [DNG] Missing syslog: SOLVED
Hi Hendrik,

Hendrik Boom wrote (among other things):

> On Wed, Jul 28, 2021 at 06:49:22PM +0900, Olaf Meeuwissen wrote:
>> Hi Hendrik,
>>
>> Silly question perhaps, but do you have a system-log-daemon installed?
>>
>> dpkg-query -W | grep syslog
>>
>> should tell you. The most likely one to be installed in rsyslog, IIRC.
>
> Look like I don't!
>
> april:~# dpkg-query -W | grep syslog
> libparse-syslog-perl    1.10-2
> april:~#

>
> Guess it's time to install rsyslog.
>
>> If you have, is it started at boot time *and* has it been configured to
>> actually log anything? For rsyslog, in the default setup, the answer is
>> yes for both of these questions.
>
> And installing it as a package should give me that default set-up.


Indeed, it should.

>> >> > And in all that time I hadn't noticed.
>> >> >
>> >> > It is still running ascii, by the way. I'm pretty sure ascii wasn't
>> >> > around yet in 2013, back when I was still running Debian.
>>
>> That seems to imply you migrated from Debian to Devuan.
>> When you migrated, was there anything that might have prevented your
>> system from keeping a daemon that processes log messages?
>>
>> >> > So why no system log?
>>
>> Maybe your Debian setup only had systemd installed, no rsyslog, and
>> when you migrated, no system-log-daemon was found to be needed?
>
> I did not have systemd installed. I migrated in the time of Jessie,
> before systemd became hard to avoid.
> I'm not sure, but I think I even migrated by upgrading from the
> previous Debian release directy to Devuan Jessie.


>> >> > And, while I'm asking anyway, why no /var/log/mail* since 2013 either?
>
>> Does you system have a running SMTP daemon that gets to process any
>> mail?
>
> Yes. Postfix. It's the one that accepted your message just now.


Postfix, by default, logs to the system logger which, for a default
rsyslog setup, will write log message there.

>> Has it been configured to log anything? Does your syslogger
>> spit those log messages into /var/log/mail*?
>
> Since the mail log stopped at the same time as the syslog, maybe it
> also needs syslog.
>
> I just installed rsyslog, and I'm getting syslog entries again.


Good!

> Do I also need the other related packages like rsyslog-czmq,
> rsyslog-elasticsearch, rsyslog-gnutls, rsyslog-gssapi, rsyslog-hiredis,
> rsyslog-kafka, rsyslog-mongodb, rsyslog-mysql, rsyslog-pgsql, and
> rsyslog-relp?


As Ludovic already mentioned, only if you want rsyslog to log some sort
of database. If you are happy with logging to files, just rsyslog will
suffice.

> And the mail log is geting entries as well. And a lot of other logs.


Many daemons, but not all, and many tools, but again not all, send their
log messages via syslog(), so rsyslog (or some other syslogger) gets to
deal with them.

> Some logs don't seem to need the logging demon:
> alternatives
> aptitude
> dpkg
> mediatomb
> messages
> pm-powersave
> popularity-contest


These are written to directly by the corresponding software. These
message do not go through rsyslog. However, some may also be sent to
rsyslog and end up in the files below (as duplicates).

> and some did:
> auth
> daemon
> debug
> dmesg
> kern.log
> mail.log
> messages
> syslog


These are written to by rsyslog in the default setup. Any software that
sents it log messages via syslog() may end up logging there dependent on
the rsyslog configuration.

> Thank you.


Glad you found the cause of your problem!
--
Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Software                        https://my.fsf.org/donate
 Join the Free Software Foundation              https://my.fsf.org/join