Syslog is not updating

posted by | Leave a comment

Test logback: The obvious one: add a File Appender as a second appender and make sure events appear there.

I've got a working logback config on known-good J2EE and syslog environments.

Further information about this issue may be found following that link.

I had this problem because my /var/log was residing on a ramdisk to reduce wear on my SSD and I wanted to move it to a HDD so I had more history than just the current boot.

And a second identical VM on the same host (which didn't go through quite the same circle of repeatedly disabling ntp, having the date changed and rebooted multiple times) with the same file logs just fine.After I rotated all the log files, they have remained empty: # ls -l /var/log/*-rw-r--r-- 1 root root 0 Jun 27 /var/log/-rw-r----- 1 root adm 0 Jun 26 /var/log/-rw-r----- 1 root adm 0 Jun 26 /var/log/-rw-r--r-- 1 root root 0 Jun 27 /var/log/-rw-r----- 1 root adm 0 Jun 26 /var/log/-rw-r----- 1 root adm 0 Jun 26 /var/log/-rw-r----- 1 root adm 0 Jun 26 /var/log/-rw-r----- 1 root adm 0 Jun 26 /var/log/# lsof -p 1855 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME rsyslogd 1855 root cwd DIR 202,0 4096 2 / rsyslogd 1855 root rtd DIR 202,0 4096 2 / rsyslogd 1855 root txt REG 202,0 342076 21649 /usr/sbin/rsyslogd rsyslogd 1855 root mem REG 202,0 38556 32153 /lib/i386-linux-gnu/i686/cmov/libnss_nis-2.13rsyslogd 1855 root mem REG 202,0 79728 32165 /lib/i386-linux-gnu/i686/cmov/libnsl-2.13rsyslogd 1855 root mem REG 202,0 26456 32163 /lib/i386-linux-gnu/i686/cmov/libnss_compat-2.13rsyslogd 1855 root mem REG 202,0 297500 1061058 /usr/lib/rsyslog/rsyslogd 1855 root mem REG 202,0 42628 32170 /lib/i386-linux-gnu/i686/cmov/libnss_files-2.13rsyslogd 1855 root mem REG 202,0 22784 1061106 /usr/lib/rsyslog/rsyslogd 1855 root mem REG 202,0 1401000 32169 /lib/i386-linux-gnu/i686/cmov/libc-2.13rsyslogd 1855 root mem REG 202,0 30684 32175 /lib/i386-linux-gnu/i686/cmov/librt-2.13rsyslogd 1855 root mem REG 202,0 9844 32157 /lib/i386-linux-gnu/i686/cmov/libdl-2.13rsyslogd 1855 root mem REG 202,0 117009 32154 /lib/i386-linux-gnu/i686/cmov/libpthread-2.13rsyslogd 1855 root mem REG 202,0 79980 17746 /usr/lib/1.2.3.4 rsyslogd 1855 root mem REG 202,0 18836 1061094 /usr/lib/rsyslog/rsyslogd 1855 root mem REG 202,0 117960 31845 /lib/i386-linux-gnu/ld-2.13rsyslogd 1855 root 0u unix 0xebe8e800 0t0 640 /dev/log rsyslogd 1855 root 3u FIFO 0, /dev/xconsole rsyslogd 1855 root 4u unix 0xebe8e400 0t0 645 /var/spool/postfix/dev/log rsyslogd 1855 root 5r REG 0,3 0 4026532176 /proc/kmsg I thought someone had hacked the system, so run rkhunter, chkrootkit, unhide in an attempt to find hide processes / ports and nmap in a remote host to compare with the ports shown by netstat.And I know this doesn't mean anything, but all looks ok.The system also have an iptables firewall that is very restrictive with incoming / outgoing connections.This is driving me crazy, any idea what is going on here?

Leave a Reply

city investing com liquidating