Operating System - HP-UX

syslog and mail log not updating

 
Deepanpriyen
Occasional Advisor

Hi

os:v2.

We found that syslog and mail log are not updating.

It shows as a zero-sized file for the past 15 days.

I tested with the below:

logger "test command"

logger -p mail.info "test mail check"

But there is no update in the log file.

Then I checked with cat -t /etc/syslog.conf

 

$ cat /etc/syslog.conf
# @(#)B11.23_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug^I/var/adm/syslog/mail
*.info;mail.none^I/var/adm/syslog/syslog.log
*.emerg^I/var/adm/log/emergency/emergency
*.alert^I/var/adm/log/alert/alert
*.err^I/var/adm/log/error/error
*.crit^I/var/adm/log/critical/critical
*.warning^I/var/adm/log/warning/warning
*.info^I/var/adm/log/information/information
$

Everything seems to be fine.

Then I restarted sendmail with /sbin/init.d/sendmail stop and start.

Even after that, when I tested with the logger command to check the mail log, there is no update.

I haven't tested for syslog.

6 REPLIES
Patrick Wallek
Honored Contributor

Re: syslog and mail log not updating

Syslog is what controls all of the logging.

 

First check to see if syslogd is running.

 

# ps -ef |grep syslog

 

If it is not,

 

# /sbin/init.d/syslogd start

Patrick Wallek
Honored Contributor

Re: syslog and mail log not updating

On a 2nd look -- Your syslog.conf file looks strange.

 

Here is one from one of my servers:

mail.debug      /var/adm/syslog/mail.log
local0.info     /var/adm/syslog/ipmon.log
local1.info     /var/adm/syslog/ems.log
local2.info     /var/adm/syslog/ignite.log
local5.info     /var/adm/syslog/ftpd.log
daemon.crit     /var/adm/syslog/daemon.log
auth.info       /var/adm/syslog/auth.log
lpr.info        /var/adm/syslog/lpr.log
user.info       /var/adm/syslog/user.log

*.alert         console
*.alert         root
*.emerg         *

 The fields MUST be separated by one or more TABS (not spaces, but TABS).  If they are not, then syslog will not work correctly.
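
An added example, not part of the original replies: a POSIX shell script that checks the TAB-separation rule described above, checks that syslogd is running, and repeats the logger test end to end. The function names, the probe marker format and the 2-second wait are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, the marker format and
# the 2-second wait are assumptions of this example.

# lint_syslog_conf FILE
# Reports every rule whose selector and action are not separated by TABs.
# Returns 0 when the file is clean, 1 otherwise.
lint_syslog_conf() {
    awk -v f="$1" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            n = index($0, "\t")
            if (n == 0) {
                printf "%s:%d: no TAB between selector and action\n", f, NR
                bad = 1; next
            }
            sel = substr($0, 1, n - 1)
            act = substr($0, n); gsub(/^\t+/, "", act)
            if (sel ~ / /) {
                printf "%s:%d: space in selector field before the TAB\n", f, NR
                bad = 1
            } else if (act == "") {
                printf "%s:%d: missing action\n", f, NR
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# syslogd_running: true if a syslogd process shows up in the process list.
syslogd_running() {
    ps -e | grep '[s]yslogd' >/dev/null
}

# probe_syslog LOGFILE [PRIORITY]
# Sends a unique marker through logger and checks that it reached LOGFILE.
probe_syslog() {
    marker="syslog-probe-$$-$(date +%Y%m%d%H%M%S)"
    logger -p "${2:-user.info}" "$marker" || return 2
    sleep 2                                      # give syslogd time to write
    grep -F "$marker" "$1" >/dev/null 2>&1
}

if [ "$#" -eq 2 ]; then                          # usage: script CONF LOGFILE
    lint_syslog_conf "$1" || echo "syslog.conf has malformed lines (see above)"
    syslogd_running       || echo "syslogd is not running"
    probe_syslog "$2"     || echo "probe message did not reach $2"
fi
```

Run it from cron with the configuration file and the log file as arguments to notice a silent syslogd within minutes instead of after 15 days of empty logs.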

Deepanpriyen
Occasional Advisor

Re: syslog and mail log not updating

Hi

After restarting syslogd, syslog and mail log started to update.

How can I find the root cause? What is the reason both log files were not updated?

After restarting syslogd, both syslog and mail log got updated.

Is there any link between syslogd and mail?

Bill Hassell
Honored Contributor

Re: syslog and mail log not updating

>> How can i find the root cause,what is the reason both log file was not updated?

 

The root cause is that the daemons stopped running. Since both daemons stopped, it is likely that one of your root users ran a kill command with the wrong process IDs. Or it could be a buggy script that kills the wrong programs.



Bill Hassell, sysadmin
coollllllllllll
Regular Advisor

Re: syslog and mail log not updating

Hi,

Also check for any sort commands used in your application which go into a loop and fill up /var, and in turn stop syslog logging.


Matti_Kurkela
Honored Contributor

Re: syslog and mail log not updating

> is there any link between syslogd and mail?

 

Yes. Sendmail (or whatever you're using as a Mail Transfer Agent) sends its log messages to syslogd (by writing them to the syslog UNIX socket at /dev/log), and syslogd writes the actual mail log file.

 

Any program can use syslogd for its log messages: programs can use the openlog()/syslog()/closelog() library functions, and scripts can use the "logger" command. Writing correctly formatted messages directly to /dev/log is also possible, but trickier than using the existing functions/commands.

 

Syslogd is usually very reliable. If it had died on your system, the expected reasons might be:

  • user error (someone with root access had stopped it and did not start it again, either accidentally or on purpose)
  • malicious attack (an unauthorized person had root access on your system and did something that s/he did not want logged, so s/he killed the syslogd)
  • really serious system overload (at some point, your system ran completely out of RAM/swap, so bad that syslogd could not do its job and it died)
MK