Ronny wrote the following on 12/20/2005 09:01 AM: > Hello buddies hope you are still in the moods of helping :-) . > Was wondering what on earth can stop syslogd from working.I recall 2 > months back was messing around my 'test' machine that happens to be my > desktop too.But of recent I nolonger see new logs :-( . > Hope I wasn't *rooted * ;-)
syslog.conf looks ok, unless: 1. the /var partition is full 2. the /var partition is no longer writable by root (or whoever user syslog runs as) *very unlikly situation* so, ronnie, as basic as this might sound, first show us the output of "df -h" :) ernesto > See output below > > [EMAIL PROTECTED] etc]# cat syslog.conf > # Log all kernel messages to the console. > # Logging much else clutters up the screen. > #kern.* /dev/console > > # Log anything (except mail) of level info or higher. > # Don't log private authentication messages! > *.info;mail.none;authpriv.none;cron.none /var/log/messages > > # The authpriv file has restricted access. > authpriv.* /var/log/secure > > # Log all the mail messages in one place. > mail.* /var/log/maillog > > > # Log cron stuff > cron.* /var/log/cron > > # Everybody gets emergency messages > *.emerg * > > # Save news errors of level crit and higher in a special file. > uucp,news.crit /var/log/spooler > > # Save boot messages also to boot.log > local7.* /var/log/boot.log > [EMAIL PROTECTED] etc]# > [EMAIL PROTECTED] log]# cat secure > Oct 10 08:34:25 pixmail userhelper[2819]: running '/sbin/reboot' with > root privileges on behalfof 'root' > Oct 10 08:35:01 pixmail sshd[1927]: Received signal 15; terminating. > [EMAIL PROTECTED] log]# > Interesting! what was terminating what :-) and who gave authority to > that program (userhelper) to reboot on behalf of root!!.Can someone > advise what might have happened to syslog? > > Strange but true ------->[EMAIL PROTECTED] log]# /sbin/syslogd > syslogd: Already running. > > And nothing much from selinux side > <cough> it's dirsty!! > [EMAIL PROTECTED] log]# /usr/sbin/sestatus > SELinux status: enabled > SELinuxfs mount: /selinux > Current mode: enforcing > Mode from config file: enforcing > Policy version: 19 > Policy from config file:targeted > > Policy booleans: > allow_execmem active > allow_execmod active > allow_execstack active > allow_kerberos inactive > allow_ypbind inactive > dhcpd_disable_trans inactive > httpd_builtin_scripting active > httpd_can_network_connectinactive > httpd_disable_trans inactive > httpd_enable_cgi active > httpd_enable_homedirs active > httpd_ssi_exec active > httpd_tty_comm inactive > httpd_unified active > mysqld_disable_trans inactive > named_disable_trans inactive > named_write_master_zonesinactive > nscd_disable_trans inactive > ntpd_disable_trans inactive > portmap_disable_trans inactive > postgresql_disable_transinactive > read_default_t active > snmpd_disable_trans inactive > squid_connect_any inactive > squid_disable_trans inactive > syslogd_disable_trans inactive > use_nfs_home_dirs inactive > use_samba_home_dirs inactive > winbind_disable_trans inactive > ypbind_disable_trans inactive > [EMAIL PROTECTED] log]# > Thanks for ya time but please need my box surveillance system up during > the holiday.And sorry for coloring it's festive season :-) > Merry-xmas > Ronny > > > -- > ******************************************************************* > PGP Fingerprint: 6695 794A B84E D922 88FB 73CC 6CBD 8036 B3CD 7304 > We can't become what we need to be by remaining what we are > ******************************************************************* > > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > LUG mailing list > [email protected] > http://kym.net/mailman/listinfo/lug > %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ > > The above comments and data are owned by whoever posted them (including > attachments if any). The List's Host is not responsible for them in any way. > --------------------------------------- > _______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The List's Host is not responsible for them in any way. ---------------------------------------
