Kenneth Kabagambe wrote:
You can start syslogd in the foreground to verify that it is actually
logging. The messages will show you which file it is logging to
From this I can see some access problems. Do you think some yum
update I did caused this or so :-\
Thanks
[EMAIL PROTECTED] log]# /sbin/syslogd -d
Allocated parts table for 1024 file descriptors.
Starting.
Called init.
Called allocate_log, nlogs = -1.
cfline(*.info;mail.none;authpriv.none;cron.none /var/log/messages)
symbolic name: info ==> 6
symbolic name: none ==> 16
symbolic name: mail ==> 16
symbolic name: none ==> 16
symbolic name: authpriv ==> 80
symbolic name: none ==> 16
symbolic name: cron ==> 72
leading char in action: /
filename: /var/log/messages
Error opening log file: /var/log/messages
Called logerr, msg: /var/log/messages
logmsg: syslog.err<43>, flags 4, from boo, msg syslogd: /var/log/messages: Permission denied
Called fprintlog, logging to CONSOLE /dev/console
Called allocate_log, nlogs = 0.
cfline(authpriv.* /var/log/secure)
symbolic name: * ==> 255
symbolic name: authpriv ==> 80
leading char in action: /
filename: /var/log/secure
Error opening log file: /var/log/secure
Called logerr, msg: /var/log/secure
logmsg: syslog.err<43>, flags 4, from boo, msg syslogd: /var/log/secure: Permission denied
Called fprintlog, logging to CONSOLE /dev/console
Called allocate_log, nlogs = 1.
cfline(mail.* /var/log/maillog)
symbolic name: * ==> 255
symbolic name: mail ==> 16
leading char in action: /
filename: /var/log/maillog
Error opening log file: /var/log/maillog
Called logerr, msg: /var/log/maillog
logmsg: syslog.err<43>, flags 4, from boo, msg syslogd: /var/log/maillog: Permission denied
Called fprintlog, logging to CONSOLE /dev/console
Called allocate_log, nlogs = 2.
cfline(cron.* /var/log/cron)
symbolic name: * ==> 255
symbolic name: cron ==> 72
leading char in action: /
filename: /var/log/cron
Error opening log file: /var/log/cron
Called logerr, msg: /var/log/cron
logmsg: syslog.err<43>, flags 4, from boo, msg syslogd: /var/log/cron: Permission denied
Called fprintlog, logging to CONSOLE /dev/console
Called allocate_log, nlogs = 3.
cfline(*.emerg *)
symbolic name: emerg ==> 0
leading char in action: *
write-all
Called allocate_log, nlogs = 4.
cfline(uucp,news.crit /var/log/spooler)
symbolic name: crit ==> 2
symbolic name: uucp ==> 64
symbolic name: news ==> 56
leading char in action: /
filename: /var/log/spooler
Error opening log file: /var/log/spooler
Called logerr, msg: /var/log/spooler
logmsg: syslog.err<43>, flags 4, from boo, msg syslogd: /var/log/spooler: Permission denied
Called fprintlog, logging to CONSOLE /dev/console
Called allocate_log, nlogs = 5.
cfline(local7.* /var/log/boot.log)
symbolic name: * ==> 255
symbolic name: local7 ==> 184
leading char in action: /
filename: /var/log/boot.log
Error opening log file: /var/log/boot.log
Called logerr, msg: /var/log/boot.log
logmsg: syslog.err<43>, flags 4, from boo, msg syslogd: /var/log/boot.log: Permission denied
Called fprintlog, logging to CONSOLE /dev/console
Opened UNIX socket `/dev/log'.
0: 7F 7F X 7F 7F 7F 7F 7F 7F X X 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F FILE: /var/log/messages (unused)
1: X X X X X X X X X X FF X X X X X X X X X X X X X X FILE: /var/log/secure (unused)
2: X X FF X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog (unused)
3: X X X X X X X X X FF X X X X X X X X X X X X X X X FILE: /var/log/cron (unused)
4: 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 WALL:
5: X X X X X X X 7 7 X X X X X X X X X X X X X X X X FILE: /var/log/spooler (unused)
6: X X X X X X X X X X X X X X X X X X X X X X X FF X FILE: /var/log/boot.log (unused)
logmsg: syslog.info<46>, flags 4, from boo, msg syslogd 1.4.1: restart.
Called fprintlog, logging to FILE /var/log/messages
syslogd: restarted.
Debugging disabled, SIGUSR1 to turn on debugging.
Ronny wrote:
Hello buddies, hope you are still in the mood for helping :-) .
Was wondering what on earth can stop syslogd from working. I recall 2
months back I was messing around with my 'test' machine that happens to be
my desktop too. But of late I no longer see new logs :-( .
Hope I wasn't *rooted* ;-)
See output below
[EMAIL PROTECTED] etc]# cat syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
[EMAIL PROTECTED] etc]#
[EMAIL PROTECTED] log]# cat secure
Oct 10 08:34:25 pixmail userhelper[2819]: running '/sbin/reboot' with root privileges on behalf of 'root'
Oct 10 08:35:01 pixmail sshd[1927]: Received signal 15; terminating.
[EMAIL PROTECTED] log]#
Interesting! What was terminating what :-)
and who gave authority to that program (userhelper) to reboot on
behalf of root!! Can someone advise what might have happened to
syslog?
Strange but true ------->[EMAIL PROTECTED] log]# /sbin/syslogd
syslogd: Already running.
And nothing much from selinux side
<cough> it's dirsty!!
[EMAIL PROTECTED] log]# /usr/sbin/sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 19
Policy from config file:targeted
Policy booleans:
allow_execmem active
allow_execmod active
allow_execstack active
allow_kerberos inactive
allow_ypbind inactive
dhcpd_disable_trans inactive
httpd_builtin_scripting active
httpd_can_network_connectinactive
httpd_disable_trans inactive
httpd_enable_cgi active
httpd_enable_homedirs active
httpd_ssi_exec active
httpd_tty_comm inactive
httpd_unified active
mysqld_disable_trans inactive
named_disable_trans inactive
named_write_master_zonesinactive
nscd_disable_trans inactive
ntpd_disable_trans inactive
portmap_disable_trans inactive
postgresql_disable_transinactive
read_default_t active
snmpd_disable_trans inactive
squid_connect_any inactive
squid_disable_trans inactive
syslogd_disable_trans inactive
use_nfs_home_dirs inactive
use_samba_home_dirs inactive
winbind_disable_trans inactive
ypbind_disable_trans inactive
[EMAIL PROTECTED] log]#
Thanks for ya time but please
need my box surveillance system up during the holiday. And sorry for
coloring, it's festive season :-)
Merry-xmas
Ronny
--
*******************************************************************
PGP Fingerprint: 6695 794A B84E D922 88FB 73CC 6CBD 8036 B3CD 7304
We can't become what we need to be by remaining what we are
*******************************************************************
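
The foreground check suggested at the top of the thread, condensed into a script (an added example, not part of the original thread or of sysklogd): it reads `syslogd -d` output and reports, per file target, whether the open failed and with which error. The function names and the `local0` / `/var/log/example.log` target are made up for illustration.

```shell
# Added example: summarise `syslogd -d` output, one line per file target.
# Live use (as root): /sbin/syslogd -d 2>&1 | summarize_syslogd_debug
summarize_syslogd_debug() {
    awk '
    /^cfline\(/ { sel = $0; sub(/^cfline\(/, "", sel); sub(/[ \t].*$/, "", sel) }
    /^filename: / {                 # file action that follows its cfline
        f = $2; if (!(f in status)) order[++n] = f
        status[f] = "ok"; selector[f] = sel; reason[f] = "-"
    }
    /^Error opening log file: / { status[$NF] = "FAILED" }
    {                               # "... msg syslogd: <path>: <error text>"
        i = index($0, "msg syslogd: ")
        if (i) {
            rest = substr($0, i + 13); p = index(rest, ": ")
            if (p && (substr(rest, 1, p - 1) in status))
                reason[substr(rest, 1, p - 1)] = substr(rest, p + 2)
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            f = order[k]
            printf "%s\t%s\t%s\t%s\n", status[f], f, selector[f], reason[f]
            if (status[f] == "FAILED") bad++
        }
        exit (bad > 0)              # non-zero when any target failed to open
    }'
}

# Constructed sample: lines taken from the output above with mail-wrapped
# lines rejoined, plus a hypothetical local0 target that opens cleanly.
sample_debug_output() {
    cat <<'EOF'
cfline(*.info;mail.none;authpriv.none;cron.none /var/log/messages)
filename: /var/log/messages
Error opening log file: /var/log/messages
logmsg: syslog.err<43>, flags 4, from boo, msg syslogd: /var/log/messages: Permission denied
cfline(authpriv.* /var/log/secure)
filename: /var/log/secure
Error opening log file: /var/log/secure
logmsg: syslog.err<43>, flags 4, from boo, msg syslogd: /var/log/secure: Permission denied
cfline(*.emerg *)
write-all
cfline(local0.* /var/log/example.log)
filename: /var/log/example.log
logmsg: syslog.info<46>, flags 4, from boo, msg syslogd 1.4.1: restart.
EOF
}

sample_debug_output | summarize_syslogd_debug || echo "some log targets could not be opened"
```

Since syslogd is started as root here, a "Permission denied" on every target is usually not a plain mode-bits problem; with SELinux enforcing, `ls -lZ /var/log` and the audit log are the next places to look.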
------------------------------------------------------------------------
_______________________________________________
LUG mailing list
[email protected]
http://kym.net/mailman/listinfo/lug
%LUG is generously hosted by INFOCOM http://www.infocom.co.ug/
The above comments and data are owned by whoever posted them
(including attachments if any). The List's Host is not responsible
for them in any way.
---------------------------------------