HPE Community
Operating System - Linux
1819804 Members
3170 Online
109607 Solutions
New Discussion

syslog is not logging events

 
SOLVED
Go to solution
Ralf Seefeldt
Valued Contributor

‎10-08-2012 02:39 AM

‎10-08-2012 02:39 AM

syslog is not logging events

Hi all,
I have a customer running a bunch of LINUX server (Oracle with RedHat Kernel 2.6.18-194.3.1.0.1.el5 ).
My problem is, that the syslog files are nearly empty.
One example (with a logrotate every week) is:

=========
    # cat /var/log/messages.1
    Sep 30 04:02:02 <hostname> syslogd 1.4.1: restart.
=========
That's all

no auditd logs.
Today, we had a full local filesystem. There are no messages about this in the messages.

The syslog configuration seems OK to me. syslogd and klogd are running.

Where can I adjust the config for syslog to log as expected (vx_nospace, kernel, auditd, ...)?

My config is:

=============================
cat syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

==================
cat  /etc/sysconfig/syslog
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
#    once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".


=========================
ps -ef | grep log
root      8482 12522  0 11:17 pts/1    00:00:00 grep log
root      9857     1  0 11:06 ?        00:00:00 syslogd -m 0
root      9862     1  0 11:06 ?        00:00:00 klogd -x
...

 

Any help will be greatly appreciated.

 

Bye

Ralf

0 Kudos
Reply
2 REPLIES 2
Ralf Seefeldt
Valued Contributor

‎10-08-2012 04:22 AM

‎10-08-2012 04:22 AM

Re: syslog is not logging events

/proc/kmesg doesn't produce any message, when a filesystem (/boot) runs full.

0 Kudos
Reply
Ralf Seefeldt
Valued Contributor

‎10-10-2012 02:51 AM

‎10-10-2012 02:51 AM

Solution

Re: syslog is not logging events

I figured out, that there is really no way to get historical informationen about filled up fielsystems. It is simply not tracked by LINUX.

Tools like logwatch would do the job, but with the restriction, that they do not run permanently and provide only a discrete view of the filesystems.

If one likes to figure out, whether or not some unknown application fills up a filesystem every night at 2:23 am for only 20 seconds, then LINUX by itself can not give the answer. Only the applications logfile or an additional daemon could do this job.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.