[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: empty log files



>>>>> "AS" == Andres Salomon <dilinger@mp3revolution.net> writes:
    AS>  i was playing w/ a kernel driver when i noticed the following:
    AS> (machine 1) -rw-r----- 1 root adm 0 Mar 25 06:49
    AS> /var/log/kern.log -rw-r----- 1 root adm 2259 Mar 20 17:59
    AS> /var/log/kern.log.0
    AS> 
    AS> (machine 2) -rw-r----- 1 root adm 0 Mar 25 06:49
    AS> /var/log/kern.log -rw-r----- 1 root adm 436938 Mar 18 18:40
    AS> /var/log/kern.log.0
    AS> 
    AS> this is rather disturbing.  my /etc/syslog.conf on both machines
    AS> contains "kern.* -/var/log/kern.log", with timestamps on the
    AS> conf files being from january.  has anyone else noticed
    AS> something similar?  i'm thinking this is either a bug w/ syslog,
    AS> or else i fucked something up.  user.log is 0 bytes as well.
    AS> the other log files are fine (messages, daemon.log, auth.log,
    AS> debug, and syslog), afaict.  has anyone else noticed anything
    AS> similar w/ debian unstable?
    AS> 

I've noticed the same problem on my firewall system which is running
kernel-2.4.2 and sid:

-rw-r-----    1 root     adm             0 Mar 25 06:48 kern.log
-rw-r-----    1 root     adm             0 Mar 18 06:48 lpr.log
-rw-r-----    1 root     adm             0 Mar 18 06:48 mail.log
-rw-r-----    1 root     adm             0 Mar 18 06:48 user.log
-rw-r-----    1 root     adm             0 Mar 18 06:48 uucp.log

/etc/syslog.conf has the following lines corresponding to the above log
files:

kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
mail.*                          /var/log/mail.log
user.*                          -/var/log/user.log
uucp.*                          -/var/log/uucp.log

Configuration-wise, nothing on this system has changed. I just update
some of the packages on this system periodically. I am running an
iptables firewall and the firewall configuration hasn't changed in quite
some time either - the logging rule in my iptables config hasn't
changed.

I've verified that /etc/syslog.conf has real TABs in the lines shown
above and I've restarted syslogd a number of times to no avail.

The kernel's ring buffer (seen using dmesg) has a lot of output from
iptables about dropped packets but this output doesn't show up in
/var/log/kern.log anymore.

-- 
Salman Ahmed
ssahmed AT pathcom DOT com



Reply to: