Message 1 of 7 (1,537 Views)

syslog and mail log not updating

Hi

os:v2.

We found that syslog and mail log are not updating.

It shows as a zero-sized file for the past 15 days.

I tested with the below:

logger "test command"

logger -p mail.info "test mail check"

but there is no update in the log file.

Then I checked with cat -t /etc/syslog.conf

$ cat /etc/syslog.conf
# @(#)B11.23_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug^I/var/adm/syslog/mail
*.info;mail.none^I/var/adm/syslog/syslog.log
*.emerg^I/var/adm/log/emergency/emergency
*.alert^I/var/adm/log/alert/alert
*.err^I/var/adm/log/error/error
*.crit^I/var/adm/log/critical/critical
*.warning^I/var/adm/log/warning/warning
*.info^I/var/adm/log/information/information
$

Everything seems to be fine.

Then I restarted sendmail with /sbin/init.d/sendmail stop and start.

Even after that, when I tested with the logger command to check the mail log, there is no update.

I haven't tested for syslog.

Message 2 of 7 (1,511 Views)

Re: syslog and mail log not updating

Syslog is what controls all of the logging.

First check to see if syslogd is running.

# ps -ef |grep syslog

If it is not,

# /sbin/init.d/syslogd start

Message 3 of 7 (1,509 Views)

Re: syslog and mail log not updating

On a 2nd look -- your syslog.conf file looks strange.

Here is one from one of my servers:

mail.debug      /var/adm/syslog/mail.log
local0.info     /var/adm/syslog/ipmon.log
local1.info     /var/adm/syslog/ems.log
local2.info     /var/adm/syslog/ignite.log
local5.info     /var/adm/syslog/ftpd.log
daemon.crit     /var/adm/syslog/daemon.log
auth.info       /var/adm/syslog/auth.log
lpr.info        /var/adm/syslog/lpr.log
user.info       /var/adm/syslog/user.log

*.alert         console
*.alert         root
*.emerg         *

The fields MUST be separated by one or more TABS (not spaces, but TABS). If they are not, then syslog will not work correctly.
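
Added example, not part of the original thread or any poster's code: a shell lint for the tab-separation rule stated in the reply above (in `cat -t` output a tab appears as `^I`). The function names, reason labels and the sample file are constructed for illustration, and the check covers only the selector/action separator.

```shell
#!/bin/sh
# Added example (not from the thread): lint syslog.conf for the rule that
# selector and action are separated by one or more TABs, never spaces.

# lint_syslog_conf FILE
# Prints "LINENO:REASON:TEXT" for each rule that breaks the TAB rule or has
# no action field; returns 1 if anything was flagged, 0 otherwise.
lint_syslog_conf() {
    awk '
        function report(why) { printf "%d:%s:%s\n", NR, why, $0; bad = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # assumption: leading blanks are harmless
            match(line, /^[^ \t]+/)              # selector = first non-blank run
            rest = substr(line, RLENGTH + 1)
            if (!match(rest, /^[ \t]+/)) { report("no-action"); next }
            sep = substr(rest, 1, RLENGTH)       # whitespace between the two fields
            if (substr(rest, RLENGTH + 1) == "") { report("no-action"); next }
            if (index(sep, " ")) report("space-in-separator")
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: two well-formed rules, then three broken ones.
write_sample_conf() {
    {
        printf '# constructed sample, not a real configuration\n'
        printf '%s\t%s\n'   'mail.debug' '/var/adm/syslog/mail.log'
        printf '%s\t\t%s\n' '*.info;mail.none' '/var/adm/syslog/syslog.log'
        printf '%s    %s\n' 'auth.info' '/var/adm/syslog/auth.log'
        printf '%s \t%s\n'  'user.info' '/var/adm/syslog/user.log'
        printf '%s\n'       '*.emerg'
    } > "$1"
}

sample=$(mktemp)
write_sample_conf "$sample"
lint_syslog_conf "$sample" || echo "flagged rules need TAB separators" >&2
rm -f "$sample"
```

To check a live system, call lint_syslog_conf /etc/syslog.conf; a non-zero return means at least one rule was flagged.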

Message 4 of 7 (1,490 Views)

Re: syslog and mail log not updating

Hi

After restarting syslogd, syslog and mail log started to update.

How can I find the root cause? What is the reason both log files were not updated?

After restarting syslogd, both syslog and mail log got updated.

Is there any link between syslogd and mail?

Message 5 of 7 (1,480 Views)

Re: syslog and mail log not updating

>> How can I find the root cause, what is the reason both log file was not updated?

The root cause is that the daemons stopped running. Since both daemons stopped, it is likely that one of your root users ran a kill command with the wrong process IDs. Or it could be a buggy script that kills the wrong programs.

Message 6 of 7 (1,474 Views)

Re: syslog and mail log not updating

Hi,

Also check for any sort commands used in your application which go into a loop and fill up /var and in turn stop syslog logging.

Message 7 of 7 (1,470 Views)

Re: syslog and mail log not updating

> is there any link between syslogd and mail?

Yes. Sendmail (or whatever you're using as a Mail Transfer Agent) sends its log messages to syslogd (by writing them to the syslog UNIX socket at /dev/log), and syslogd writes the actual mail log file.

Any program can use syslogd for its log messages: programs can use the openlog()/syslog()/closelog() library functions, and scripts can use the "logger" command. Writing correctly formatted messages directly to /dev/log is also possible, but trickier than using the existing functions/commands.

Syslogd is usually very reliable. If it had died on your system, the expected reasons might be:

  • user error (someone with root access had stopped it and did not start it again, either accidentally or on purpose)
  • malicious attack (an unauthorized person had root access on your system and did something that s/he did not want logged, so s/he killed the syslogd)
  • really serious system overload (at some point, your system ran completely out of RAM/swap, so bad that syslogd could not do its job and it died)
MK