/var/log/syslog is empty. Service rsyslog is running, but not installed
Periodically I encounter the problem that /var/log/syslog is empty.
Check the syslog config file in "/etc/syslog/syslog.conf", and specify the log destinations accordingly.
I have found out that there is a service called rsyslog, which is breaking my >normal syslog service. But rsyslog is not installed on my system, so I have no >idea what is going on, and how I can permanently remove rsyslog.
rsyslog is the default log server present in your system, and you can find its config file in "/etc/rsyslog.conf". Dont try to remove it simply disable the rsyslog daemon by executing "systemctl disable rsyslog", so that on the next boot it wont restart automatically.
Related videos on Youtube
19 : 37
10 : 19
14 : 55
02 : 16
25 : 36
Daniel Marschall
Updated on September 18, 2022Comments
-
Daniel Marschall over 1 year
Problem
Periodically I encounter the problem that /var/log/syslog is empty.
$ ls /var/log/syslog -rw-r----- 1 root adm 0 Dez 31 06:29 /var/log/syslogEnvironment and Installed packages
I am using Debian Jessie.
Aptitude shows that I have installed the package inetutils-syslogd, and the package rsyslog is not installed.
Analysis
I have tried to find the problem using following commands:
$ service syslog start Job for syslog.socket failed. See 'systemctl status syslog.socket' and 'journalctl -xn' for details. Failed to start syslog.service: Unit syslog.service failed to load: No such file or directory. $ systemctl status syslog.socket * syslog.socket - Syslog Socket Loaded: loaded (/lib/systemd/system/syslog.socket; static) Active: inactive (dead) Docs: man:systemd.special(7) http://www.freedesktop.org/wiki/Software/systemd/syslog Listen: /run/systemd/journal/syslog (Datagram) Mär 07 12:18:02 viathinksoft.de systemd[1]: Socket service syslog.service not loaded, refusing. Mär 07 12:18:02 viathinksoft.de systemd[1]: Failed to listen on Syslog Socket. $ systemctl status syslog.service * syslog.service Loaded: not-found (Reason: No such file or directory) Active: inactive (dead)Temporary solution
I have found out that there is a service called rsyslog, which is breaking my normal syslog service. But rsyslog is not installed on my system, so I have no idea what is going on, and how I can permanently remove rsyslog.
$ systemctl status rsyslog.service * rsyslog.service - LSB: enhanced syslogd Loaded: loaded (/etc/init.d/rsyslog) Active: active (exited) since Di 2016-02-09 02:42:03 CET; 3 weeks 6 days ago $ aptitude remove rsyslog Es werden keine Pakete installiert, aktualisiert oder entfernt. 0 Pakete aktualisiert, 0 zusätzlich installiert, 0 werden entfernt und 0 nicht aktualisiert. 0 B an Archiven müssen heruntergeladen werden. Nach dem Entpacken werden 0 B zusätzlich belegt sein.As temporary solution, I am running these commands:
$ service rsyslog stop $ dpkg-reconfigure inetutils-syslogdThen it will work. For a few weeks...
What can I do to solve the problem permanently?
-
Daniel Marschall about 7 yearsHello, thank you for your answer. I am still suffering from that problem. IIRC, rsyslog had the problem that it used some database for the logs, and I wanted explictly a simple text file
/var/log/syslog, and inetutils-syslogd does that. The filesyslog.socketis located at/lib/systemd/system/syslog.socketand does not contain a reference to rsyslog.service . My system does NOT contain the files /run/systemd/journal/syslog (referenced insyslog.socket), and