Why is Syslog Not Writing Logs To The Designated Files?
Solution 1
Did you restart syslogd? You can also use lsof -f -p <pid-of-syslogd>
to see what log files it has open. The syslog.conf looks right, you might want to post your apache configuration.
Solution 2
For those lost in googling with similar symptoms after an update from Ubuntu LTS 12.04 to 14.04.1: syslog was replaced by rsyslog, which is for some reason not installed by the distribution-upgrade.
solution is to apt-get install rsyslog
Related videos on Youtube
lakshmi
Updated on September 17, 2022Comments
-
lakshmi over 1 year
I've been trying to route Apache's logs through Syslog (for some reason log rotation had stopped, and using Syslog and logrotate seemed a reasonable solution).
I have sent Apache's error logs to local7 and piped the access logs to local6 via the logger program.
I want Syslog to write the error and access logs to
/var/log/apache2/error.log
and/var/log/apache2/access.log
respectively.To that end I have added the following to
/etc/syslog.conf
:# Logging for Apache using local7 facility for error messages # and local6 for access log # Added 20/06/2010 by Chris Bunney local7.* /var/log/apache2/error.log local6.* /var/log/apache2/access.log
I know that the error and access logs are being sent to Syslog correctly because they are showing up in
/var/log/syslog
, however they are not being written to the files I want.The original file permissions of the target files:
-rw-r----- 1 root adm 0 2010-06-20 23:01 access.log
The current file permissions of the target files that I have been using to try and rule out such things causing issues:
-rw-rw-rw- 1 syslog adm 0 2010-06-20 23:01 access.log
Everything looks fine to me, so why aren't the messages Syslog is receiving being written to the files I want? Have I missed something simple?
Full Output of
cat /etc/syslog.conf
:# /etc/syslog.conf Configuration file for syslogd. # # For more information see syslog.conf(5) # manpage. # # First some standard logfiles. Log by facility. # auth,authpriv.* /var/log/auth.log *.*;auth,authpriv.none -/var/log/syslog cron.* /var/log/cron.log daemon.* -/var/log/daemon.log kern.* -/var/log/kern.log lpr.* -/var/log/lpr.log mail.* -/var/log/mail.log user.* -/var/log/user.log # # Logging for the mail system. Split it up so that # it is easy to write scripts to parse these files. # mail.info -/var/log/mail.info mail.warn -/var/log/mail.warn mail.err /var/log/mail.err # Logging for INN news system # news.crit /var/log/news/news.crit news.err /var/log/news/news.err news.notice -/var/log/news/news.notice # Logging for Apache using local7 facility for error messages # and local6 for access log # Added 20/06/2010 by Chris Bunney local7.* /var/log/apache2/error.log local6.* /var/log/apache2/access.log # # Some `catch-all' logfiles. # *.=debug;\ auth,authpriv.none;\ news.none;mail.none -/var/log/debug *.=info;*.=notice;*.=warn;\ auth,authpriv.none;\ cron,daemon.none;\ mail,news.none -/var/log/messages # # Emergencies are sent to everybody logged in. # *.emerg * # # I like to have messages displayed on the console, but only on a virtual # console I usually leave idle. # #daemon,mail.*;\ # news.=crit;news.=err;news.=notice;\ # *.=debug;*.=info;\ # *.=notice;*.=warn /dev/tty8 # The named pipe /dev/xconsole is for the `xconsole' utility. To use it, # you must invoke `xconsole' with the `-file' option: # # $ xconsole -file /dev/xconsole [...] # # NOTE: adjust the list below, or you'll go crazy if you have a reasonably # busy site.. # daemon.*;mail.*;\ news.err;\ *.=debug;*.=info;\ *.=notice;*.=warn |/dev/xconsole
-
lakshmi almost 14 yearsYep, I missed something simple. I must have restarted everything but syslog. Restarted Syslog and it worked fine. Sorry, but I don't have the rep for an upvote. Now, I think I ought to go to bed, the lack of sleep is obviously having negative effects...
-
user568021 over 4 yearsI'm such a sad person. Restarting syslog doesn't solve the problem for me.