Syslog not working

Hi Everyone,

I cannot get any form of syslog to work.

It worked at one point and then just stopped working…and unfortunately I don’t have any logs to show why…syslog or messages.

I’ve tried;

apt-get install rsyslog
apt-get syslog-ng

I believe there’s a third option as well, but I don’t recall. I’ve installed and removed them a few times to see if doing this would work.

Is there a native syslog for Virtualmin? Is there a command or module that may have been deleted, or can I re-install Virtualmin on top of the current install to correct issues or missing features?

My setup is;

Virtualmin
Ubuntu
Apache2

I searched the forum and none of the options worked.

Worst case, which I don’t mind doing and is sometimes the quickest option, is wiping out everything and reinstalling everything from scratch.

Please let me know what’s best.

Thank You to everyone in advance.

M

Howdy,

What is it exactly that’s not working? Are you saying all the logs in /var/log aren’t being populated?

Virtualmin doesn’t actually use syslog – that’s performed by the syslog service installed and configured by your distro.

If that’s no longer working, there could be something wrong with the syslog service, or configuration.

It sounds like you were working with several different syslog services there, which may make it a little trickier to determine the actual issue… but what you may want to do is go back to the original syslog service installed by your distro, and to work from there.

Which Ubuntu version is it that you’re using? Based on that, we can determine which package to install.

-Eric

Thanks.

It’s Ubuntu 14.04 x64

Some logs work and some don’t.

It almost appears as if no logs are working, with the exception of a few. For instance the CSF logs work and show that they cannot access the syslog or messages.

Howdy,

Doing a little Googling, it appears that Ubuntu 14.04 uses rsyslog by default.

First, we’d want to make sure that’s installed – you can do that with this command:

apt-get install rsyslog

Once that’s complete, what is the output of this command:

ps auxw | grep log | grep -v dovecot

Thanks. I was thinking the same thing and wondered what went wrong.

:/# ps auxw | grep log | grep -v dovecot
syslog 10958 0.0 0.0 186156 1632 ? Ssl Mar02 0:00 rsyslogd
root 14550 0.0 0.0 8812 764 pts/1 S+ 01:20 0:00 grep --color=auto log
:/#

Howdy,

It does look like it’s running now. Are you seeing any log messages? And if you start or restart the service, do you see any errors or warnings on the command line?

-Eric

Hi,

  1. The service is running

  2. No messages in the logs

  3. No errors or warnings when the service is restarted

Thanks for your help so far :)

Okay, so firstly, what is the output of this command:

df -h

Second, there should be an rsyslog.conf file somewhere in /etc/. Can you post its contents?

-Eric

root@mail:/# df -h
Filesystem       Size  Used Avail Use% Mounted on
/vz/private/222   40G  1.8G   39G   5% /
none             3.0G  4.0K  3.0G   1% /dev
none             4.0K     0  4.0K   0% /sys/fs/cgroup
none             615M   84K  615M   1% /run
none             5.0M     0  5.0M   0% /run/lock
none             3.0G     0  3.0G   0% /run/shm
none             100M     0  100M   0% /run/user
root@mail:/#

#  /etc/rsyslog.conf    Configuration file for rsyslog.
#
#                       For more information see
#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf

#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support
#$ModLoad immark # provides --MARK-- message capability

# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

# Enable non-kernel facility klog messages
$KLogPermitNonKernelFacility on

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

Okay, that much looks good – you aren’t out of space, and your rsyslog.conf file looks okay.

Next, you’d want to review the various .conf files in /etc/rsyslog.d/.

There should be config files there that define the various log files that rsyslog would be writing to.

-Eric

Here’s the 50-default file

#  Default rules for rsyslog.
#
#  For more information see rsyslog.conf(5) and /etc/rsyslog.conf

#
# First some standard log files. Log by facility.
#
auth,authpriv.* -/var/log/auth.log
*.*;auth,authpriv.none /var/log/syslog
#cron.* -/var/log/cron.log
#daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
#lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
#user.* -/var/log/user.log

#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
#mail.info -/var/log/mail.info
#mail.warn -/var/log/mail.warn
mail.err -/var/log/mail.err

#
# Logging for INN news system.
#
news.crit -/var/log/news/news.crit
news.err -/var/log/news/news.err
news.notice -/var/log/news/news.notice

#
# Some "catch-all" log files.
#
#*.=debug;\
#    auth,authpriv.none;\
#    news.none;mail.none -/var/log/debug
#*.=info;*.=notice;*.=warn;\
#    auth,authpriv.none;\
#    cron,daemon.none;\
#    mail,news.none /var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg :omusrmsg:*

#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
#    news.=crit;news.=err;news.=notice;\
#    *.=debug;*.=info;\
#    *.=notice;*.=warn /dev/tty8

# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
#    $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
#       busy site...
#
daemon.*;mail.*;\
    news.err;\
    *.=debug;*.=info;\
    *.=notice;*.=warn |/dev/xconsole

Hmm, so what is the output of this command:

ls /etc/rsyslog.d/

If the filenames in there don’t end in “.conf”, they won’t be included in the syslog config.

-Eric
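An added example (not part of the original thread, and not rsyslog's own code): a small Python resolver for legacy selector rules like the ones in the 50-default.conf posted above, showing which log files a given facility/severity would reach and that a commented-out rule such as the one for /var/log/messages produces no output. The sample is a constructed excerpt written with the `*` wildcards and `#` comment markers the file format uses; the function names are hypothetical, and `!` negation and property-based filters are not handled.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed excerpt modelled on the 50-default.conf rules quoted in the thread.
SAMPLE = r"""
auth,authpriv.* -/var/log/auth.log
*.*;auth,authpriv.none /var/log/syslog
mail.* -/var/log/mail.log
#*.=info;*.=notice;*.=warn;\
#    auth,authpriv.none;\
#    mail,news.none /var/log/messages
*.emerg :omusrmsg:*
"""

def parse_rules(text):
    joined = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "$")):  # skip comments, directives
            selector, action = line.split(None, 1)
            rules.append((selector, action.strip()))
    return rules

def prio_matches(spec, severity):
    if spec == "*":  # any severity
        return True
    name = ALIASES.get(spec.lstrip("="), spec.lstrip("="))
    want, got = SEVERITIES.index(name), SEVERITIES.index(severity)
    return got == want if spec.startswith("=") else got <= want  # '=p' is exact

def destinations(rules, facility, severity):
    out = []
    for selector, action in rules:
        hit = False
        for part in selector.split(";"):  # later parts override earlier ones
            facs, prio = part.rsplit(".", 1)
            if facs != "*" and facility not in facs.split(","):
                continue
            if prio == "none":
                hit = False
            elif prio_matches(prio, severity):
                hit = True
        if hit:
            out.append(action.lstrip("-"))  # leading '-' only disables sync
    return out

print(destinations(parse_rules(SAMPLE), "daemon", "info"))
```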

Just these two

50-default.conf
postfix.conf

I checked my other installs and it’s only those two files.

Here is the information in postfix.conf

# Create an additional socket in postfix's chroot in order not to break
# mail logging when rsyslog is restarted. If the directory is missing,
# rsyslog will silently skip creating the socket.
$AddUnixListenSocket /var/spool/postfix/dev/log

Howdy,

Sorry, I’m really not sure what’s wrong… the only other thing I can offer is that you could try copying the config files for rsyslog from another working system.

But other than that, it sounds like something may be broken – and I think it’ll take someone digging around on your system for a bit to determine what the problem there is.

-Eric

Eric,

I tried that as well. Just seems to be one of those things.

Time to back up and reinstall :)

Thank You for all your help.