Syslog not working

#1 Mon, 03/02/2015 - 16:40
MichaelS


Hi Everyone,

I cannot get any form of syslog to work.

It worked at one point and then just stopped working... and unfortunately I don't have any logs to show why... syslog or messages.

I've tried:

apt-get install rsyslog
apt-get syslog-ng

I believe there's a third option as well, but I don't recall. I've installed and removed them a few times to see if doing this works.

Is there a native syslog for Virtualmin? Is there a command or module that may have been deleted, or can I re-install Virtualmin on top of the current install to correct issues or missing features?

My setup is:

Virtualmin
Ubuntu
Apache2

I searched the forum and none of the options worked.

Worst case, which I don't mind doing and sometimes the quickest option, wiping out everything and reinstalling everything from scratch.

Please let me know what's best.

Thank You to everyone in advance.

M

Mon, 03/02/2015 - 17:25
andreychek

Howdy,

What is it exactly that's not working? Are you saying all the logs in /var/log aren't being populated?

Virtualmin doesn't actually use syslog -- that's performed by the syslog service installed and configured by your distro.

If that's no longer working, there could be something wrong with the syslog service, or configuration.

It sounds like you were working with several different syslog services there, which may make it a little trickier to determine the actual issue... but what you may want to do is go back to the original syslog service installed by your distro, and to work from there.

Which Ubuntu version is it that you're using? Based on that, we can determine which package to install.

-Eric

Mon, 03/02/2015 - 20:45
MichaelS

Thanks.

It's Ubuntu 14.04 x64

Some logs work and some don't.

It almost appears as if no logs are working, with the exception of a few. For instance the CSF logs work and show that they cannot access the syslog or messages.

Mon, 03/02/2015 - 22:16
andreychek

Howdy,

Doing a little Googling, it appears that Ubuntu 14.04 uses rsyslog by default.

First, we'd want to make sure that's installed -- you can do that with this command:

apt-get install rsyslog

Once that's complete, what is the output of this command:

ps auxw | grep log | grep -v dovecot

Tue, 03/03/2015 - 01:29
MichaelS

Thanks. I was thinking the same thing and wondered what went wrong.

:/# ps auxw | grep log | grep -v dovecot

syslog 10958 0.0 0.0 186156 1632 ? Ssl Mar02 0:00 rsyslogd

root 14550 0.0 0.0 8812 764 pts/1 S+ 01:20 0:00 grep --color=auto log

:/#

Tue, 03/03/2015 - 08:48
andreychek

Howdy,

It does look like it's running now. Are you seeing any log messages? And if you start or restart the service, do you see any errors or warnings on the command line?

-Eric

Tue, 03/03/2015 - 09:09
MichaelS

Hi,

  1. The service is running

  2. No messages in the logs

  3. No errors or warnings when the service is restarted

Thanks for your help so far :)

Tue, 03/03/2015 - 10:07
andreychek

Okay, so firstly, what is the output of this command:

df -h

Second, there should be an rsyslog.conf file somewhere in /etc/. Can you post its contents?

-Eric

Tue, 03/03/2015 - 10:15
MichaelS

root@mail:/# df -h
Filesystem       Size  Used Avail Use% Mounted on
/vz/private/222   40G  1.8G   39G   5% /
none             3.0G  4.0K  3.0G   1% /dev
none             4.0K     0  4.0K   0% /sys/fs/cgroup
none             615M   84K  615M   1% /run
none             5.0M     0  5.0M   0% /run/lock
none             3.0G     0  3.0G   0% /run/shm
none             100M     0  100M   0% /run/user
root@mail:/#

#  /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf


#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support
#$ModLoad immark  # provides --MARK-- message capability

# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

# Enable non-kernel facility klog messages
$KLogPermitNonKernelFacility on

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

Tue, 03/03/2015 - 11:04
andreychek

Okay, that much looks good -- you aren't out of space, and your rsyslog.conf file looks okay.

Next, you'd want to review the various .conf files in /etc/rsyslog.d/.

There should be config files there that define the various log files that rsyslog would be writing to.

-Eric

Tue, 03/03/2015 - 12:16
MichaelS

Here's the 50-default file

#  Default rules for rsyslog.
#
#  For more information see rsyslog.conf(5) and /etc/rsyslog.conf

#
# First some standard log files. Log by facility.
#
auth,authpriv.* -/var/log/auth.log
*.*;auth,authpriv.none /var/log/syslog
cron.* -/var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log

#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err -/var/log/mail.err

#
# Logging for INN news system.
#
news.crit -/var/log/news/news.crit
news.err -/var/log/news/news.err
news.notice -/var/log/news/news.notice

#
# Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none /var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg :omusrmsg:*

#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
daemon,mail.*;\
        news.=crit;news.=err;news.=notice;\
        *.=debug;*.=info;\
        *.=notice;*.=warn /dev/tty8

# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
#    $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
#      busy site..
#
daemon.*;mail.*;\
        news.err;\
        *.=debug;*.=info;\
        *.=notice;*.=warn |/dev/xconsole

Tue, 03/03/2015 - 13:05
andreychek

Hmm, so what is the output of this command:

ls /etc/rsyslog.d/

If the filenames in there don't end in ".conf", they won't be included in the syslog config.

-Eric
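
The check suggested in the reply above (rsyslog only loads files in /etc/rsyslog.d/ whose names match the `$IncludeConfig` glob, and those files define the log files it writes), as an added example that is not part of the original thread. The `ROOT` argument, the function names and the sample file `60-local.conf.bak` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. ROOT (2nd argument) is a hypothetical prefix so the audit can
# run against a copied or constructed tree; omit it to read the live system.

# For each $IncludeConfig directive in CONF, report every file in the named
# directory as "included" (matches the glob) or "skipped" (rsyslog ignores it).
include_audit() {
    conf=$1 root=${2:-}
    grep -E '^[[:space:]]*\$IncludeConfig[[:space:]]' "$conf" |
    while read -r directive pattern rest; do
        dir=$(dirname "$pattern") glob=$(basename "$pattern")
        for f in "$root$dir"/*; do
            [ -f "$f" ] || continue
            name=$(basename "$f")
            case $name in
                $glob) echo "included $dir/$name" ;;
                *)     echo "skipped $dir/$name" ;;
            esac
        done
    done
}

# List the file targets of the rules in the files that are actually included.
log_targets() {
    include_audit "$1" "${2:-}" | while read -r state file; do
        [ "$state" = included ] || continue
        awk '
            /\\$/ { sub(/\\$/, ""); buf = buf $0; next }  # rule continues
            { $0 = buf $0; buf = "" }
            /^[ \t]*[#$]/ || NF < 2 { next }              # comment or directive
            $NF ~ "^-?/" { t = $NF; sub(/^-/, "", t); print t }
        ' "${2:-}$file"
    done | sort -u
}

# Constructed sample tree: two .conf files and one backup copy that the
# "*.conf" glob does not match. Prints the tree's root directory.
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/etc/rsyslog.d" || return 1
    printf '%s\n' '$IncludeConfig /etc/rsyslog.d/*.conf' > "$t/etc/rsyslog.conf"
    printf '%s\n' '# standard logs' 'mail.* -/var/log/mail.log' \
        '*.=info;*.=notice;\' '    mail,news.none /var/log/messages' \
        > "$t/etc/rsyslog.d/50-default.conf"
    printf '%s\n' '$AddUnixListenSocket /var/spool/postfix/dev/log' \
        > "$t/etc/rsyslog.d/postfix.conf"
    printf '%s\n' 'kern.* -/var/log/kern.log' > "$t/etc/rsyslog.d/60-local.conf.bak"
    echo "$t"
}
```

On a live system, `include_audit /etc/rsyslog.conf` and `log_targets /etc/rsyslog.conf` read the real files; any rule that sits only in a "skipped" file produces no log output.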

Tue, 03/03/2015 - 18:02
MichaelS

Just these two

50-default.conf postfix.conf

I checked my other installs and it's only those two files.

Here is the information in postfix.conf

# Create an additional socket in postfix's chroot in order not to break
# mail logging when rsyslog is restarted. If the directory is missing,
# rsyslog will silently skip creating the socket.
$AddUnixListenSocket /var/spool/postfix/dev/log

Tue, 03/03/2015 - 22:11
andreychek

Howdy,

Sorry, I'm really not sure what's wrong... the only other thing I can offer is that you could try copying the config files for rsyslog from another working system.

But other than that, it sounds like something may be broken -- and I think it'll take someone digging around on your system for a bit to determine what the problem there is.

-Eric

Wed, 03/04/2015 - 06:31
MichaelS

Eric,

I tried that as well. Just seems to be one of those things.

Time to backup and reinstall :)

Thank You for all your help.
