SUMMARY: why has logging stopped

Hi all,
Logging into syslog.dated seems to have stopped on
my 5.1B system on Feb 17th at around 11.27am:

# ls -l /var/adm/syslog.dated/
total 2
drwxr-xr-x 2 root adm 512 Feb 15 11:26 15-Feb-11:26
drwxr-xr-x 2 root adm 512 Feb 16 11:27 16-Feb-11:27
lrwxr-xr-x 1 root adm 12 Feb 16 11:27 current -> 16-Feb-11:27

# ls -l /var/adm/syslog.dated/current/
total 10040
-rw-r----- 1 root adm 60627 Feb 17 11:24 auth.log
-rw-r----- 1 root adm 317782 Feb 17 11:27 daemon.log
-rw-r----- 1 root adm 10598 Feb 17 11:15 kern.log
-rw-r----- 1 root adm 745 Feb 16 18:20 lpr.log
-rw-r----- 1 root adm 9855365 Feb 17 11:27 mail.log
-rw-r----- 1 root adm 7697 Feb 17 11:27 syslog.log
-rw-r----- 1 root adm 0 Feb 16 11:27 user.log

syslogd is running:
# ps -ef | grep syslogd
root 581 1 0.0 Jan 14 ?? 14:54.54 /usr/sbin/syslogd -e

plenty of disk space:
# df -k /var
Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/disk/dsk0d 1969183 940584 831680 54% /var


What could cause this?
What is it that causes the logs to rotate anyway? I cant see
anything in root's crontab to do this.
Is it time for a reboot?

Well, I stopped and restarted syslogd (/sbin/init.d/syslogd stop/start)
and loging resumed as normal. I dont know why it stopped in the first place...


Also, when I look at /etc/syslogd.conf, it seems to be set up
to log into the wrong place - shouldnt stuff be going into
/var/adm/syslog.dated/current/... and not /var/adm/syslog.dated/...

Damn. I should have read a bit more of syslogd man pages.
Sorry if I've wasted anyone's time here.

T.



Cheers,
Terry.


# syslogd config file
#
# facilities: kern user mail daemon auth syslog lpr binary
# priorities: emerg alert crit err warning notice info debug
kern.debug /var/adm/syslog.dated/kern.log
user.debug /var/adm/syslog.dated/user.log
mail.debug /var/adm/syslog.dated/mail.log
daemon.debug /var/adm/syslog.dated/daemon.log
auth.debug /var/adm/syslog.dated/auth.log
syslog.debug /var/adm/syslog.dated/syslog.log
lpr.info /var/adm/syslog.dated/lpr.log

msgbuf.err /var/adm/crash/msgbuf.savecore

kern.debug /var/adm/messages
kern.debug /dev/console
*.emerg *
# %LGT611_BEGIN% - DO NOT MODIFY OR DELETE (Wed Sep 3 13:20:50 2003)
# The following lets NetWorker use the syslog facility
daemon.notice /dev/console
daemon.notice /nsr/logs/messages
daemon.notice operator
local0.notice /nsr/logs/summary
local0.alert root, operator
# %LGT611_END% - DO NOT MODIFY OR DELETE

Relevant Pages

  • Re: [fw-wiz] syslog and network management
    ... Good idea to try a different syslogd. ... I don't need it to do any filtering (not by apps, ... recieve logs (checking to see if it needs to add host and timestamp to the ... we noticed a LOT of missing logs, when we changed to the default debian ...
    (Firewall-Wizards)
  • syslogd: Could not completely output pending messages while preparing re-configuration
    ... Every 3:10 in the morning on Sunday, it logs: ... It seems like syslogd is buffering some of the output. ... # if a non-loghost machine chooses to have authentication messages ...
    (comp.unix.solaris)
  • Re: Prevent remote root logins
    ... autorized admins log on remotely with their personal accounts created ... Example: user evilguy, ... uid=0, copies a special syslogd to the box, kills and restarts syslogd ... you're cracked, and logging won't help you, because the logs are no ...
    (comp.os.linux.security)
  • 2.6.10-rc3, syslogd hangs then processes get stuck in schedule_timeout
    ... usually after logs have been rotated and a dvd has been written. ... If the problem is detected early enough, syslogd can be manually killed ... least 2.6.8.1, both smp and nosmp. ... #3 0x0804f8dc in optind ...
    (Linux-Kernel)
  • Re: security logs being mailed to root
    ... >> If the logs and such exist, then syslogd is probably OK. ... >> HTH, ... > of mine has a fresh install of 5.3 and he gets the logs, ... To unsubscribe, ...
    (freebsd-questions)