Problem with Syslog

Problem with Syslog

[Linuxero Tux]

Hello everybody. I'm new here.

I'm the server manager of a Linux system and I allready setup the syslog 
daemon for our needs. The problem is that the syslogd is not working as I 
spected. For example, in some of the log files there are only "--- MARK ---" 
lines without any other information. Maybe the config file is setup wrong or 
I need to do something else.

I will apreciate if someone can help me. I also include the config file and 
the log files that aren't working as expected.


Thank you!



----- Config File -----

# /etc/syslog.conf - Configuration file for syslogd(8)
#
# For info about the format of this file, see "man syslog.conf".
#

#
#
# print most on tty10 and on the xconsole pipe
#
kern.warn;*.err;authpriv.none    /dev/tty10
kern.warn;*.err;authpriv.none   |/dev/xconsole
*.emerg                          *

# enable this, if you want that root is informed
# immediately, e.g. of logins
#*.alert                                 root

#
# all email-messages in one file
#
mail.*                          -/var/log/mail

#
# all news-messages
#
# these files are rotated and examined by "news.daily"
news.crit                       -/var/log/news/news.crit
news.err                        -/var/log/news/news.err
news.notice                     -/var/log/news/news.notice
# enable this, if you want to keep all news messages
# in one file
#news.*                         -/var/log/news.all

#
# Warnings in one file
#
*.=warn;*.=err                   /var/log/warn
*.crit                           /var/log/warn

#
# save the rest in one file
#
*.*;mail.none;news.none         -/var/log/messages

#
# enable this, if you want to keep all messages
# in one file
#*.*                            -/var/log/allmessages

#
# Some foreign boot scripts require local7
#
local0,local1.*                 -/var/log/localmessages
local2,local3.*                 -/var/log/localmessages
local4,local5.*                 -/var/log/localmessages
local6,local7.*                 -/var/log/localmessages

kern.*          /var/log/firewall


#
# personal configuration
#

authpriv.*               /var/log/syslog
cron.*                   /var/log/cronlog
daemon.warn              /var/log/warn
syslog.*                -/var/log/syslog.log
user.*;user.!warn       -/var/log/userlog
user.warn                /var/log/userlog.warn





----- cronlog -----

Nov 12 12:59:00 proxy /USR/SBIN/CRON[5079]: (root) CMD ( rm -f 
/var/spool/cron/lastrun/cron.hourly)
Nov 12 13:15:00 proxy /USR/SBIN/CRON[5129]: (root) CMD (/sbin/proc1 >> 
/home/admin/report.txt 2> /dev/null)
Nov 12 13:30:00 proxy /USR/SBIN/CRON[5188]: (root) CMD (/sbin/proc2 2> 
/dev/null)
Nov 12 13:30:00 proxy /USR/SBIN/CRON[5191]: (root) CMD (/sbin/proc1 >> 
/home/admin/report.txt 2> /dev/null)
Nov 12 13:45:00 proxy /USR/SBIN/CRON[5241]: (root) CMD (/sbin/proc1 >> 
/home/admin/report.txt  2> /dev/null)
Nov 12 13:59:00 proxy /USR/SBIN/CRON[5285]: (root) CMD ( rm -f 
/var/spool/cron/lastrun/cron.hourly)
Nov 12 14:15:01 proxy /USR/SBIN/CRON[5331]: (root) CMD (/sbin/proc1 >> 
/home/admin/report.txt  2> /dev/null)





----- messages -----

Nov 12 12:59:00 proxy /USR/SBIN/CRON[5079]: (root) CMD ( rm -f 
/var/spool/cron/lastrun/cron.hourly)
Nov 12 13:15:00 proxy /USR/SBIN/CRON[5129]: (root) CMD (/sbin/proc1 >> 
/home/admin/report.txt  2> /dev/null)
Nov 12 13:29:30 proxy -- MARK --
Nov 12 13:30:00 proxy /USR/SBIN/CRON[5188]: (root) CMD (/sbin/proc2 2> 
/dev/null)
Nov 12 13:30:00 proxy /USR/SBIN/CRON[5191]: (root) CMD (/sbin/proc1 >> 
/home/admin/report.txt  2> /dev/null)
Nov 12 13:45:00 proxy /USR/SBIN/CRON[5241]: (root) CMD (/sbin/proc1 >> 
/home/admin/report.txt  2> /dev/null)
Nov 12 13:59:00 proxy /USR/SBIN/CRON[5285]: (root) CMD ( rm -f 
/var/spool/cron/lastrun/cron.hourly)
Nov 12 14:09:30 proxy -- MARK --
Nov 12 14:15:01 proxy /USR/SBIN/CRON[5331]: (root) CMD (/sbin/proc1 >> 
/home/admin/report.txt  2> /dev/null)
Nov 12 14:21:52 proxy kernel: Kernel logging (proc) stopped.
Nov 12 14:21:52 proxy kernel: Kernel log daemon terminating.
Nov 12 14:21:53 proxy exiting on signal 15
Nov 12 14:21:54 proxy syslogd 1.3-3: restart.
Nov 12 14:21:57 proxy kernel: klogd 1.3-3, log source = /proc/kmsg started.
Nov 12 14:21:57 proxy kernel: Inspecting /boot/System.map-2.4.4-64GB-SMP
Nov 12 14:21:57 proxy kernel: Loaded 11112 symbols from 
/boot/System.map-2.4.4-64GB-SMP.
Nov 12 14:21:57 proxy kernel: Symbols match kernel version 2.4.4.
Nov 12 14:21:57 proxy kernel: Loaded 326 symbols from 4 modules.
Nov 12 14:41:54 proxy -- MARK --
Nov 12 15:01:54 proxy -- MARK --
Nov 12 15:41:54 proxy -- MARK --
Nov 12 16:01:54 proxy -- MARK --
Nov 12 16:21:54 proxy -- MARK --

... and so on

Nov 13 00:15:11 proxy su: (to nobody) root on none
Nov 13 00:15:11 proxy PAM-unix2[7419]: session started for user nobody, 
service su
Nov 13 00:20:14 proxy PAM-unix2[7419]: session finished for user nobody, 
service su
Nov 13 00:41:54 proxy -- MARK --
Nov 13 01:01:54 proxy -- MARK --
Nov 13 01:21:54 proxy -- MARK --

...

Nov 14 00:15:13 proxy su: (to nobody) root on none
Nov 14 00:15:13 proxy PAM-unix2[11521]: session started for user nobody, 
service su
Nov 14 00:20:47 proxy PAM-unix2[11521]: session finished for user nobody, 
service su
Nov 14 00:41:54 proxy -- MARK --
Nov 14 01:01:54 proxy -- MARK --
Nov 14 01:21:54 proxy -- MARK --

...

_________________________________________________________________
MSN. Más Útil Cada Día  http://www.msn.es/intmap/

Re: Problem with Syslog

[Emiliano Castagnari]

El  [ Mon 17, Nov 03 - 11:19 ] , Linuxero Tux expreso:
> Hello everybody. I'm new here.
> 
> I'm the server manager of a Linux system and I allready setup the syslog 
> daemon for our needs. The problem is that the syslogd is not working as I 
> spected. For example, in some of the log files there are only "--- MARK 
> ---" lines without any other information. Maybe the config file is setup 
> wrong or I need to do something else.
> 
> I will apreciate if someone can help me. I also include the config file and 
> the log files that aren't working as expected.

Hi !! This has nothing to do with your /etc/syslog.conf file.
This is an option you can change from the command line, or, from the
init.d/sysklogd file when syslog daemon is started.

Just adding the option "-m 0" will solve your problem (you 'll have to restart the
service).

This is also documented in the manual page for syslogd(8).

Cheers !!
-- 
Emiliano Castagnari

# Debian Sarge - GNU/Linux -  Athos 2.4.22-1-k7  #
# JID: pretorian@jabber.sk
# ICQ: 107462374 - Nick: mem
--------------------------------------------------
  - } [ Libera tu mente - Libera tu Codigo ] { -  
--------------------------------------------------

Re: Problem with Syslog

[Bill Carlson]

On Mon, 17 Nov 2003, Emiliano Castagnari wrote:

> El  [ Mon 17, Nov 03 - 11:19 ] , Linuxero Tux expreso:
> > spected. For example, in some of the log files there are only "--- MARK 
> > ---" lines without any other information. Maybe the config file is setup 
> > wrong or I need to do something else.

> Just adding the option "-m 0" will solve your problem (you 'll have to restart the
> service).

I would recommend leaving the MARK option on. Why? The point of MARK in
the logs files is to let you know that syslog is still running; should 
syslog die or something else unusual happens and no information is in the 
logs, you'll at least know about when syslog stopped working and hence 
about when the data on the server disks was last synced. This can be very 
important information in some cases, the cost of leaving the option on is 
small in comparision.

$.02

Bill Carlson
-- 
Systems Administrator    wcarlson@vh.org      | Anything is possible,
Virtual Hospital      http://www.vh.org/      | given time and money.
University of Iowa Hospitals and Clinics      |       
Opinions are mine, not my employer's.         |