Accidentally deleted /var/log/syslog

14.04 log logging syslog rsyslog

10,354

Solution 1

As @Rinzwind pointed out: the permissions on the /var/log directory may have accidentally been changed. In a fresh install they are drwxrwxr-x.

Change your permissions:

# chmod 775 /var/log

and # systemctl restart rsyslog (or reboot). Test the syslog facility with:

$ logger "this message should end up in syslog"

Solution 2

Same problem with server Ubuntu 16.04 LTS. I deleted /var/log/syslog.

Problem is the OWNER / Group of the syslog file !

Solution :

create an empty syslog file
With Ubuntu 16.04, the owner group must be syslog:adm
restart
test with logger

Commands:

cd /var/log
touch syslog
chown syslog:adm syslog
service rsyslog restart
logger "Didier MISSON logger test"

You must see the message in the syslog:

less syslog

10,354

Hagai

Updated on September 18, 2022

Comments

Hagai over 1 year
I accidentally deleted /var/log/syslog and now I can't get rsyslog working.

I was googling, I tried everything I found. To be precise:

I created syslog with touch.

Then I set chmod and chown correctly. Now ls -al gives this result:
```
-rw-r-----  1 syslog            adm           0 jún   23 02:36 syslog
-rw-r-----  1 syslog            adm     1557257 jún   23 01:33 syslog.1
-rw-r-----  1 syslog            adm      156618 jún   22 07:51 syslog.2.gz
-rw-r-----  1 syslog            adm      155851 jún   21 07:45 syslog.3.gz
-rw-r-----  1 syslog            adm      155199 jún   20 07:35 syslog.4.gz
-rw-r-----  1 syslog            adm      159709 jún   19 07:37 syslog.5.gz
-rw-r-----  1 syslog            adm      156035 jún   18 07:52 syslog.6.gz
-rw-r-----  1 syslog            adm      158478 jún   17 07:55 syslog.7.gz
```
Then I restarted rsyslog service:
```
service rsyslog restart
```
I rebooted the system several times.

I even re-installed rsyslog with apt-get purge and apt-get install

But none of these helped me. As you can see above, syslog still has a length of 0 bytes, nothing gets logged.

Edit:

Even when I'm trying to log something manually, nothing gets logged:
```
# ls -al /var/log/syslog
-rw-r----- 1 syslog adm 0 jún   23 14:04 /var/log/syslog
# logger "this message should end up in syslog"
# ls -al /var/log/syslog
-rw-r----- 1 syslog adm 0 jún   23 14:04 /var/log/syslog
```
Permissions of /var and /var/log:
```
# ls -al /var
drwxr-xr-x 14 root root     4096 dec   16  2015 .
drwxr-xr-x 24 root root     4096 máj   31 14:14 ..
...
drw-rw---- 22 root syslog   4096 jún   23 14:05 log
```
I'm on ubuntu 14.04
- Hagai almost 8 years
  
  @Jos Now I tried it, nothing
- Jos almost 8 years
  
  Is rsyslog running? What does sudo service rsyslog status say?
- Hagai almost 8 years
  
  @Jos rsyslog start/running, process 513
- Rinzwind almost 8 years
  
  did you perhaps change permissions of either /var or /var/log/? is /var on a partition and full? start rsyslog manually under strace and see if it complains
- Hagai almost 8 years
  
  @Jos Please see my update. I don't remember changing them but it could be a problem. Since on my local 16.04 machine /var/log has drwxrwxr-x permissions
- Jos almost 8 years
  
  Permissions of /var/log on my system are drwxrwxr-x.
- Rinzwind almost 8 years
  
  jups. must be it: /var/log drwxrwxr-x the drw-rw---- is not good.
- Rinzwind almost 8 years
  
  @Jos you make an answer? >:-D
- Hagai almost 8 years
  
  Thank you guys, chmod 775 /var/log/ and a reboot helped!
Alexander Mills over 4 years

how to "restart" rsyslog? perhaps you mean systemctl restart rsyslog? please be more spacafic
Jos over 4 years

Yes, that would be sudo systemctl restart rsyslog, or (on older systems) sudo service rsyslog restart.