6

I've been running a Ubuntu VPS for a few weeks now, so a couple of monthly log rotations took place yestarday. For things like /var/log/wtmp things look as expected: logfile has recent entries, while logfile.1 older entries. However, /var/log/syslog is now empty, even after restarting rsyslog. Any ideas?

I should mention that this is not a duplicate of the similar question Syslog not logging anything. As I haven't modified any of the default settings, /var/log/syslog is included by default in /etc/rsyslog.d/50-default.conf:

*.*;auth,authpriv.none -/var/log/syslog

Thanks in advance.

Improve this question

1 Answer 1

Reset to default
6

I don't know what might be happening, but I've got a few questions that could help to debug it:

  • Is rsyslogd running? (obvious, but just in case ...)
  • If you execute the command "logger test", does anything appear in /var/log/syslog?
  • Does /dev/log exist, with permissions for everyone to read and write? Is it a socket? ("file /dev/log")
  • What happens in you stop rsyslogd and then run it with "-d"? Does it output any error? Does it output a start message to /var/log/syslog?
  • Does anything change if you move the contents of /etc/rsyslog.d out of the way, and restart rsyslog just with the basic configuration?

Hope this helps.

Improve this answer
2
  • First time problem was with owner on /var/log/syslog being root:root. But then I have changed to syslog:adm and logs started writting after restarting service, but still after logrotate logs are not written. Thank your for second suggest logger test, I will test it on next stuck. rsyslogd -d | grep error doesn't show any errors. Upvoting your answer. Commented Apr 6, 2016 at 10:43
  • Boom! A bad config file inside /etc/rsyslog.d was today's culprit. Commented Aug 16, 2018 at 19:33

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.