System Administration
Showing results for 
Search instead for 
Did you mean: 

syslog is not logging events

Go to solution
Ralf Seefeldt
Valued Contributor

syslog is not logging events

Hi all,
I have a customer running a bunch of LINUX server (Oracle with RedHat Kernel 2.6.18- ).
My problem is, that the syslog files are nearly empty.
One example (with a logrotate every week) is:

    # cat /var/log/messages.1
    Sep 30 04:02:02 <hostname> syslogd 1.4.1: restart.
That's all

no auditd logs.
Today, we had a full local filesystem. There are no messages about this in the messages.

The syslog configuration seems OK to me. syslogd and klogd are running.

Where can I adjust the config for syslog to log as expected (vx_nospace, kernel, auditd, ...)?

My config is:

cat syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

cat  /etc/sysconfig/syslog
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with -r
# See syslogd(8) for more details
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
#    once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".

ps -ef | grep log
root      8482 12522  0 11:17 pts/1    00:00:00 grep log
root      9857     1  0 11:06 ?        00:00:00 syslogd -m 0
root      9862     1  0 11:06 ?        00:00:00 klogd -x


Any help will be greatly appreciated.




Ralf Seefeldt
Valued Contributor

Re: syslog is not logging events

/proc/kmesg doesn't produce any message, when a filesystem (/boot) runs full.

Ralf Seefeldt
Valued Contributor

Re: syslog is not logging events

I figured out, that there is really no way to get historical informationen about filled up fielsystems. It is simply not tracked by LINUX.

Tools like logwatch would do the job, but with the restriction, that they do not run permanently and provide only a discrete view of the filesystems.

If one likes to figure out, whether or not some unknown application fills up a filesystem every night at 2:23 am for only 20 seconds, then LINUX by itself can not give the answer. Only the applications logfile or an additional daemon could do this job.