Your message dated Thu, 25 Oct 2018 21:07:58 +0200
with message-id <[email protected]>
and subject line Re: Bug#911798: /usr/sbin/rsyslogd: Upgrade in 2018-06 caused
rsyslogd to not log to auth.log and other files
has caused the Debian Bug report #911798,
regarding /usr/sbin/rsyslogd: Upgrade in 2018-06 caused rsyslogd to not log to
auth.log and other files
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
911798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911798
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rsyslog
Version: 8.24.0-1
Severity: important
File: /usr/sbin/rsyslogd
Hello there!
We found a number of Debian 9 servers that stopped logging after OS updates in
2018-06. If my memory serves me (and it probably doesn't), it would appear that
syslog was removed but rsyslog wasn't installed as a replacement. When we
installed rsyslog there was an error in the file
/etc/rsyslogs/named.conf
I don't understand what the error is. We didn't create the file manually, it
was a part of a Debian package at some point.
That error prevents rsyslogd from writing to auth.log and other important log
files. There is no output to stout to say there was an issue starting or
running.
Here's the error:
# service rsyslog status
● rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset:
enabled)
Active: active (running) since Wed 2018-10-24 15:56:51 CDT; 3s ago
Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
Main PID: 13874 (rsyslogd)
Tasks: 4 (limit: 4915)
CGroup: /system.slice/rsyslog.service
└─13874 /usr/sbin/rsyslogd -n
Oct 24 15:56:51 sochi systemd[1]: Starting System Logging Service...
Oct 24 15:56:51 sochi liblogging-stdlog[13874]: [origin software="rsyslogd"
swVersion="8.24.0" x-pid="13874" x-info="http://www.rsyslog.com";] start
Oct 24 15:56:51 sochi liblogging-stdlog[13874]: action 'logging' treated as
':omusrmsg:logging' - please use ':omusrmsg:logging' syntax instead, 'logging'
will not be supported in the future
Oct 24 15:56:51 sochi systemd[1]: Started System Logging Service.
Oct 24 15:56:51 sochi liblogging-stdlog[13874]: error during parsing file
/etc/rsyslog.d/named.conf, on or before line 1: warnings occured in file
'/etc/rsyslog.d/named.conf' around line 1 [
Oct 24 15:56:51 sochi liblogging-stdlog[13874]: error during parsing file
/etc/rsyslog.d/named.conf, on or before line 1: syntax error on token '{'
[v8.24.0 try http://www.rsyslog.com/e/2207
Oct 24 15:56:51 sochi liblogging-stdlog[13874]: CONFIG ERROR: could not
interpret master config file '/etc/rsyslog.conf'. [v8.24.0 try
http://www.rsyslog.com/e/2207 ]
Here is that named.conf file:
# cat /etc/rsyslog.d/named.conf
logging {
channel bind_log {
file "/var/log/bind/bind.log" versions 3 size 5m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default { bind_log; };
category update { bind_log; };
category update-security { bind_log; };
category security { bind_log; };
category queries { bind_log; };
category lame-servers { null; };
};
By moving that file to an unexpected extension, we can restart rsyslogd and
things are working again
mv /etc/rsyslog.d/named.conf /etc/rsyslog.d/named.conf.bak
Thanks Debian and everyone!
-- System Information:
Debian Release: 9.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-7-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages rsyslog depends on:
ii init-system-helpers 1.48
ii libc6 2.24-11+deb9u3
ii libestr0 0.1.10-2
ii libfastjson4 0.99.4-1
ii liblogging-stdlog0 1.0.5-2+b2
ii liblognorm5 2.0.1-1.1+b1
ii libsystemd0 232-25+deb9u4
ii libuuid1 2.29.2-1+deb9u1
ii lsb-base 9.20161125
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages rsyslog recommends:
ii logrotate 3.11.0-0.1
Versions of packages rsyslog suggests:
pn rsyslog-doc <none>
pn rsyslog-gnutls <none>
pn rsyslog-gssapi <none>
pn rsyslog-mongodb <none>
pn rsyslog-mysql | rsyslog-pgsql <none>
pn rsyslog-relp <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Am 25.10.18 um 16:05 schrieb Jeffrey Thomas:
> Hello, thanks for looking into this.
>
> No I'm not sure this is the situation. I tried to piece together the
> info I had available for this report but it's possible I missed
> something or misunderstood some aspect of this.
>
> Running that command, I don't have any results
>
> # dpkg -S /etc/rsyslog.d/named.conf
> dpkg-query: no path found matching pattern /etc/rsyslog.d/named.conf
>
> It's unlikely that we created that file ourselves. If this isn't a known
> file, I don't know what to say. Feel free to close this if you cannot
> reproduce the issue or find the related files.
>
I've asked the bind9 maintainer if the package ever created a
/etc/rsyslog.d/named.conf. He declined.
I searched the Debian archive via apt-file and codesearch.d.n for a file
named named.conf. Neither does turn up a hit.
So unfortunately I can't do much about this bug report which is why I'm
closing it.
I'd still be interested to know where this file came from. Should you
ever figure that out, please let me know.
Regards,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
--- End Message ---
