Hi all,I have now tried to use packetfence on CentOS, as they claim CentOS is their best supported platform. Now rsyslog logging works as expected:
- shutdown rsyslog - delete files from the log directory - start rsyslog and only new/recent logs start appearing.I have no idea why debian behaves as it does, but I'm happy to use centos for this particular install.
Thanks again for your answers. MJ On 14-12-2019 9:58, Andrei POPESCU wrote:
On Sb, 14 dec 19, 10:28:29, Andrei POPESCU wrote:On Vi, 13 dec 19, 20:47:49, mj wrote:Hi Andrei, So:root@pf:~# ps aux | grep rsyslog root 11250 0.8 3.3 872116 274200 ? Ssl 15:37 2:26 /usr/sbin/rsyslogd -n root 23873 0.0 0.0 12780 968 pts/0 S+ 20:25 0:00 grep rsyslog root@pf:~# service rsyslog stop root@pf:~# ps aux | grep rsyslog root 23909 0.0 0.0 12780 1020 pts/0 S+ 20:25 0:00 grep rsyslogroot@pf:~# rm -f /usr/local/pf/logs/* root@pf9:~# lsof | grep /usr/local/pf/logs snmptrapd 23941 root 3w REG 8,1 23 67605574 /usr/local/pf/logs/snmptrapd.logand yes: the file snmptrapd.log is the exception, all other files (20, 25 of them) are gone, remain gone, and are not listed in lsof as open. Then, when starting rsyslog again, this time in debug mode ("rsyslogd -dn") it shows that it IS in fact writing those logs:[...]As you can see from the lines above: these are old log lines from Dec 6.On a quick look at the "queued" mode seems to be related. As I'm not^^^^^^^^^^^ the manpage Sorry, edited it out.using rsyslog myself I can't help further.Kind regards, Andrei