04-30-2013 05:07 AM
We found that syslog and mail log are not updating.
It shows as a zero-sized file for the past 15 days.
I tested with the below:
logger "test command"
logger -p mail.info "test mail check"
But there is no update in the log file.
Then I checked with cat -t /etc/syslog.conf:
$ cat /etc/syslog.conf
# syslogd configuration file.
# See syslogd(1M) for information about the format of this file.
Everything seems to be fine.
Then I restarted sendmail with /sbin/init.d/sendmail stop and start.
Even after that, when I tested with the logger command to check the mail log, there is no update.
I haven't tested for syslog.
04-30-2013 06:29 AM
On a 2nd look -- Your syslog.conf file looks strange.
Here is one from one of my servers:
mail.debug	/var/adm/syslog/mail.log
local0.info	/var/adm/syslog/ipmon.log
local1.info	/var/adm/syslog/ems.log
local2.info	/var/adm/syslog/ignite.log
local5.info	/var/adm/syslog/ftpd.log
daemon.crit	/var/adm/syslog/daemon.log
auth.info	/var/adm/syslog/auth.log
lpr.info	/var/adm/syslog/lpr.log
user.info	/var/adm/syslog/user.log
*.alert	console
*.alert	root
*.emerg	*
The fields MUST be separated by one or more TABS (not spaces, but TABS). If they are not, then syslog will not work correctly.
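The TAB rule above can be checked mechanically. The following is an added example, not part of the original posts: a POSIX sh function (the name lint_syslog_conf is hypothetical) that flags lines of a classic syslog.conf whose selector and action are not separated by TABs. The sample file it runs on is constructed.

```shell
#!/bin/sh
# lint_syslog_conf FILE
# Prints "<line number>: <reason>: <line>" for every rule that breaks the
# "selector<TAB>action" layout and returns 1 if any were found, else 0.
lint_syslog_conf() {
    awk '
        function report(why) { printf "%d: %s: %s\n", NR, why, $0; bad++ }

        # Blank lines and comments are not rules.
        /^[ \t]*$/ || /^[ \t]*#/ { next }

        {
            tab = index($0, "\t")
            if (tab == 0) {
                # Only spaces (or nothing) between the two fields.
                report("no TAB between selector and action")
                next
            }
            selector = substr($0, 1, tab - 1)
            action = substr($0, tab + 1)
            sub(/^\t+/, "", action)      # several TABs in a row are allowed

            if (selector ~ / /)      report("space in selector field")
            else if (action == "")   report("missing action")
            else if (action ~ /^ /)  report("space before action")
        }

        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: line 2 is separated by spaces, line 3 by a TAB.
sample="${TMPDIR:-/tmp}/syslog_conf_sample.$$"
printf '# constructed sample\n' > "$sample"
printf 'mail.debug    /var/adm/syslog/mail.log\n' >> "$sample"
printf 'auth.info\t/var/adm/syslog/auth.log\n' >> "$sample"
lint_syslog_conf "$sample" || echo "syslog.conf has lines that are not TAB-separated"
rm -f "$sample"
```

Run it against a copy of /etc/syslog.conf before restarting syslogd; `cat -t`, as used in the first post, shows the same TABs as `^I`.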
05-01-2013 12:53 AM
After restarting syslogd, syslog and mail log started to update.
How can I find the root cause? What is the reason both log files were not updated?
After restarting syslogd, both syslog and mail log got updated.
Is there any link between syslogd and mail?
05-01-2013 06:21 PM
>> How can I find the root cause? What is the reason both log files were not updated?
The root cause is that the daemons stopped running. Since both daemons stopped, it is likely that one of your root users ran a kill command with the wrong process IDs. Or it could be a buggy script that kills the wrong programs.
05-02-2013 12:38 AM
> is there any link between syslogd and mail?
Yes. Sendmail (or whatever you're using as a Mail Transfer Agent) sends its log messages to syslogd (by writing them to the syslog UNIX socket at /dev/log), and syslogd writes the actual mail log file.
Any program can use syslogd for its log messages: programs can use the openlog()/syslog()/closelog() library functions, and scripts can use the "logger" command. Writing correctly formatted messages directly to /dev/log is also possible, but trickier than using the existing functions/commands.
Syslogd is usually very reliable. If it had died on your system, the expected reasons might be:
- user error (someone with root access had stopped it and did not start it again, either accidentally or on purpose)
- malicious attack (an unauthorized person had root access on your system and did something that s/he did not want logged, so s/he killed the syslogd)
- really serious system overload (at some point, your system ran completely out of RAM/swap, so bad that syslogd could not do its job and it died)