I accidentally deleted /var/log/syslog, Now rsyslog Won't Log anything

linux bash logging rsyslog ubuntu-16.04
7,268

Solution 1

rsyslog should re-create the file (with correct permissions)after restarting:

# mv /var/log/syslog /tmp/

# /etc/init.d/rsyslog restart
[ ok ] Restarting rsyslog (via systemctl): rsyslog.service.

# dir /var/log/syslog
-rw-r----- 1 root adm 327 Oct 27 13:28 /var/log/syslog

Perhaps try forcing a log entry to make sure it's running:

# /usr/bin/logger -p0 foo
# tail /var/log/syslog
...
Oct 27 13:31:39 myserver root: foo

Solution 2

Even though the file had been deleted, the file handle that the rsyslog was using was likely still open and being written to. lsof can be used to verify this, and can also tell you what files are open by the process if you want to see where logs are being written. pidof rsyslogd | xargs lsof -p

Solution 3

This could be an issue with SELinux. When you touch a file you create a MAC label that is not compatible with the MAC permissions needed for the logging elements. Allowing the startup to create the file attaches the correct MAC label. Even if you had changed the file permissions (DAC) you still probably would have had problems.

Share:
7,268

Related videos on Youtube

Native Coder
Author by

Native Coder

Programmer, open-source enthusiast, and father of two.

Updated on September 18, 2022

Comments

  • Native Coder
    Native Coder over 1 year

    I accidentally deleted /var/log/syslog, thinking that the system would automatically recreated it (it doesn't).

    I used touch /var/log/syslog and restarted rsyslog, but the system still isn't logging anything. I also restarted the entire server to no avail.

    the output of ls -l /var/log/syslog is

    -rwxrwxr-x 1 root root 0 Oct 27 13:16 syslog

    How can I get the system to start loggging to syslog again?

    NOTE TO FUTURE READERS

    restarting rsyslog did indeed fix the issue. The reason it didn't work for me the first time was because I created the file "syslog" using touch /var/log/syslog.

    The solution was delete /var/log/syslog. Then run sudo service rsyslog restart

    TLDR; DONT CREATE THE FILE YOURSELF. DELETE syslog, then restart rsyslog (which will create syslog for you). Problem solved.

  • Native Coder
    Native Coder over 7 years
    The problem was that I created the file myself, and THEN restarted rsyslog. Once I read this, I deleted the file, and restarted rsyslog. Problem solved. Thanks!.
  • Spooler
    Spooler over 7 years
    +1 for a good answer and username,

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Logging location of lftp
Journalctl shows logs from about last hour only
rsyslog: Log some messages only to specific file
rsyslog: How do I direct messages from all remote machines to one file?
rsyslogd: Any way to get around the number of local facilities?
Log Locally and Remotely with rsyslogd
how to filter rsyslog messages by tags
Logging a "persons" activity in Linux
How to add a timestamp to bash script log?
Redirecting command output in docker