HPE Community
Operating System - HP-UX
1840234 Members
2963 Online
110162 Solutions
New Discussion

syslog.log showing zero !!!

 
rveri
Super Advisor

‎04-18-2006 02:34 AM

‎04-18-2006 02:34 AM

syslog.log showing zero !!!

All,

Syslog.log is showing is zero byte. And not logging anything. What could be the reason:

details:

-rw-r--r-- 1 root sys 0 Apr 18 09:27 syslog.log
-r--r--r-- 1 root root 97686 Mar 10 17:15 mail.log
-rw-r--r-- 1 root root 0 Apr 18 09:19 OLDsyslog.log
--------------------------------------------------------------------------

# ps -ef | grep syslogd
root 9080 9041 1 10:18:37 pts/te 0:00 grep syslogd
root 2525 1 0 09:27:04 ? 0:00 /usr/sbin/syslogd -D

--------------------------------------------------------------------------

server01 # ls -l /etc/syslog.conf
-r--r--r-- 1 bin bin 429 Apr 16 03:43 /etc/syslog.conf
server01 # cat /etc/syslog.conf
# @(#)B.11.11_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
*.debug;mail.none /var/adm/syslog/syslog.log
*.debug @10.16.241.11
*.debug @172.20.204.200
local3.debug @172.18.100.18
*.alert /dev/console
*.alert root
*.emerg *

server01: syslog #

---------------------------------------------------------------------------

Whats wrong!!!

Thanks,
0 Kudos
Reply
15 REPLIES 15
Geoff Wild
Honored Contributor

‎04-18-2006 02:38 AM

‎04-18-2006 02:38 AM

Re: syslog.log showing zero !!!

Did you rm the file while it was open?

Try hupping it:

kill -HUP `pid of syslogd`

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

‎04-18-2006 02:40 AM

‎04-18-2006 02:40 AM

Re: syslog.log showing zero !!!

It was probably rotated without restarting syslogd.

To find the PID for syslogd:

ps -ef | grep syslogd

Send hangup signal so syslogd starts writing to the new file:

kill -HUP
--
Jeff Traigle
0 Kudos
Reply
Chan 007
Honored Contributor

‎04-18-2006 02:40 AM

‎04-18-2006 02:40 AM

Re: syslog.log showing zero !!!

Try,

kill -15

Chan
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎04-18-2006 02:45 AM

‎04-18-2006 02:45 AM

Re: syslog.log showing zero !!!

HI:

I suspect that you removed 'syslog.log' after copying it and have not restarted the 'syslogd' daemon. If that's the case, do:

# /sbin/init.d/syslogd stop
# /sbin/init.d/syslogd start

Regards!

...JRF...
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎04-18-2006 02:45 AM

‎04-18-2006 02:45 AM

Re: syslog.log showing zero !!!

Hi,

If after restarting the syslogd daemon make sure you use the logger command:

logger "This is a test syslog entry"

to make sure it's now logging. If not I would highly suspect a prolem in the syslog.conf file.
You can mv out the syslog.conf file & copy down the /usr/newconfig/etc/syslog.conf file & retest.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Tiziano Contorno _
Valued Contributor

‎04-18-2006 02:45 AM

‎04-18-2006 02:45 AM

Re: syslog.log showing zero !!!

You miss the *.info descriptor.
You are appending only debug level logs to syslog.log (mail debugs excluded).

Regards.
0 Kudos
Reply
rveri
Super Advisor

‎04-18-2006 02:52 AM

‎04-18-2006 02:52 AM

Re: syslog.log showing zero !!!

Hi All ,

Fyi , the server has been rebooted manytimes , and also rebooted today.

Here as per Jeff's suggestion:
(logger also not logging anything in syslog.log )

---------

server01 # logger "This is a test for syslog.log file"
server01 #
server01 # cd /var/adm/syslog
server01 # ls -l
total 192
-rw-r--r-- 1 root root 0 Apr 18 09:19 OLDsyslog.log
-r--r--r-- 1 root root 97686 Mar 10 17:15 mail.log
-rw-r--r-- 1 root sys 0 Apr 18 09:27 syslog.log
server01:# man logger

--------------------------------------------------------------------------

Os hp-ux 11.11
-------------------------------------------------------------------------

Thanks,
veri.
0 Kudos
Reply
Chan 007
Honored Contributor

‎04-18-2006 02:56 AM

‎04-18-2006 02:56 AM

Re: syslog.log showing zero !!!

Check if you have space on /var.

Chan
0 Kudos
Reply
Ninad_1
Honored Contributor

‎04-18-2006 02:58 AM

‎04-18-2006 02:58 AM

Re: syslog.log showing zero !!!

rveri,

Try checking
fuser -u /var/adm/syslog/syslog.log
to check if syslogd has opened this file for logging.
Otherwise try
1.Stop the syslog daemon
2. Delete the syslog.log file
3. >syslog.log
4. Start syslogd daemon

Hope this resolves your problem,
Ninad
0 Kudos
Reply
Peter Godron
Honored Contributor

‎04-18-2006 03:00 AM

‎04-18-2006 03:00 AM

Re: syslog.log showing zero !!!

Hi,
1. check for non-printing characters in the filename: cat -v /etc/syslog.conf

2. logger -f /etc/syslog.conf "this is a test"
0 Kudos
Reply
Peter Godron
Honored Contributor

‎04-18-2006 03:01 AM

‎04-18-2006 03:01 AM

Re: syslog.log showing zero !!!

Hi,
1. check for non-printing characters in the filename: cat -v /etc/syslog.conf

2.
logger -f /var/adm/syslog/syslog.log "this is a test"
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎04-18-2006 03:07 AM

‎04-18-2006 03:07 AM

Re: syslog.log showing zero !!!

Another thing to remember is that action field *must* be separated from the selector field by TAB(s)
So if syslog.conf has been edited, spaces may have been used - that's hard to see be just looking at it. That's why I suggested copying down the newconfig file.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
rveri
Super Advisor

‎04-18-2006 10:23 PM

‎04-18-2006 10:23 PM

Re: syslog.log showing zero !!!

I have tried logger , still it doesnot logs anything in syslog.

What is the function of the IP address in the syslog.conf file. Seems it goes to another server ,

Thanks.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎04-18-2006 10:37 PM

‎04-18-2006 10:37 PM

Re: syslog.log showing zero !!!

In your syslog.conf file:

*.debug @10.16.241.11
*.debug @172.20.204.200
local3.debug @172.18.100.18

Yes, these are remote syslog servers, that is, they are receving messages from your local system. Check each of the servers:

1. Are they working computers?
1. Are they capable of remote logging?
2. Do they have entries from your local server?

If these are invalid addresses (no server or not syslog-capable) then get rid of those entries. Invalid syslog servers may be hanging your local syslogd The best solution is to replace the syslog.conf file with the original verswion from /usr/newconfig/etc.


Bill Hassell, sysadmin
0 Kudos
Reply
Chan 007
Honored Contributor

‎04-18-2006 10:40 PM

‎04-18-2006 10:40 PM

Re: syslog.log showing zero !!!

Copy syslog.conf from one more server.

Also find the syslog.conf in /etc

# @(#) $Revision: 74.1 $
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.