2

Recently sendmail stopped accepting messages for delivery on my Solaris 10 x86 machine. I am trying to diagnose the problem but syslog doesn't seem to be working either. My /etc/syslog.conf:

#ident  "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words.  Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice                   /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages

*.alert;kern.err;daemon.err                     operator
*.alert                                         root

*.emerg                                         *

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)
auth.info               /var/log/authlog

mail.info               /var/log/maillog


#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err                                        /dev/sysmsg
user.err                                        /var/adm/messages
user.alert                                      `root, operator'
local7.debug                                    /var/log/mimedefang
user.emerg                                      *
)

/var/log/authlog works. So does /var/log/mimedefang and /var/adm/messages. However, /var/log/syslog is empty and the last line in /var/log/syslog.0 is from over a month ago. /var/log/maillog is also empty. I have restarted system-log and sendmail multiple times using svcadm. Is there something wrong with my syslog.conf?

jamesbtate
  • 567
  • 2
  • 6
  • 14
  • 2
    Am I misreading things, or is there no mention of /var/log/syslog in that syslog.conf? – MadHatter Oct 20 '10 at 18:24
  • 1
    Maybe Solaris is different but that `syslog.conf` make no reference to `/var/log/syslog` Also you can test with `logger -p mail.info test` to test just syslog and not the syslog/sendmail combination. – Mark Wagner Oct 20 '10 at 18:26
  • so you're right. the only line that mentioned /var/log/syslog was the mail.info line before I changed it to /var/log/maillog . And /var/log/maillog works now. After about 12 restarts of system-log it started working. – jamesbtate Oct 20 '10 at 18:29
  • Everything works as it should now. Someone answer with something semi-intelligent and I will accept. – jamesbtate Oct 20 '10 at 18:30

3 Answers3

1

My /etc/syslog.conf (andLinux) contains 

*.*;auth,authpriv.none          -/var/log/syslog

The one you posted doesn't mention /var/log/syslog.

RedGrittyBrick
  • 3,832
  • 1
  • 17
  • 23
1

As @MadHatter states above, syslog.conf does not mention /var/log/syslog anywhere. Therefore, no logs will be written to /var/log/syslog.

If I remember right, most Solaris systems had a line which looks like this in syslog.conf:

mail.info                     ifdef(`LOGHOST', /var/log/syslog, @loghost)

OR

mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)

OR

mail.info                     /var/log/syslog
Stefan Lasiewski
  • 23,667
  • 41
  • 132
  • 186
1

For me the solution was: At some point the old kernel logger daemon got upgraded to rsyslogd. When this happened the logs owned by “messagebus” got left owned by "messagebus", but couldn't be written to by "syslog".

Changing ownsership of these logs to "syslog" and restarting syslogd was sufficient to fix.

Erik Aronesty
  • 306
  • 2
  • 8