6

I've been running a Ubuntu VPS for a few weeks now, so a couple of monthly log rotations took place yestarday. For things like /var/log/wtmp things look as expected: logfile has recent entries, while logfile.1 older entries. However, /var/log/syslog is now empty, even after restarting rsyslog. Any ideas?

I should mention that this is not a duplicate of the similar question Syslog not logging anything. As I haven't modified any of the default settings, /var/log/syslog is included by default in /etc/rsyslog.d/50-default.conf:

*.*;auth,authpriv.none          -/var/log/syslog

Thanks in advance.

Community
  • 1
ezequiel-garzon
  • 577
  • 2
  • 7
  • 16

1 Answers1

6

I don't know what might be happening, but I've got a few questions that could help to debug it:

  • Is rsyslogd running? (obvious, but just in case ...)
  • If you execute the command "logger test", does anything appear in /var/log/syslog?
  • Does /dev/log exist, with permissions for everyone to read and write? Is it a socket? ("file /dev/log")
  • What happens in you stop rsyslogd and then run it with "-d"? Does it output any error? Does it output a start message to /var/log/syslog?
  • Does anything change if you move the contents of /etc/rsyslog.d out of the way, and restart rsyslog just with the basic configuration?

Hope this helps.

rsuarez
  • 384
  • 5
  • 11
  • First time problem was with owner on `/var/log/syslog` being `root:root`. But then I have changed to `syslog:adm` and logs started writting after restarting service, but still after logrotate logs are not written. Thank your for second suggest `logger test`, I will test it on next stuck. `rsyslogd -d | grep error` doesn't show any errors. Upvoting your answer. – happy_marmoset Apr 06 '16 at 10:43
  • Boom! A bad config file inside `/etc/rsyslog.d` was today's culprit. – Dale C. Anderson Aug 16 '18 at 19:33