Kernel 108528-20
For a few days already, I noticed that nothing is being written to /var/adm/messages
And all the rolled over files ( /var/adm/messages.[0-9] ) have a size of zero bytes.
Tried restarting syslog several times ( /etc/init.d/syslog stop; /etc/init.d/syslog start )
I then noticed that there are multiple syslog processes running.
/etc/init.d/syslog/stop does not actually stop syslogd
/etc/init.d/syslog/start starts up a new syslog process.
So I killed all syslogd processes, and started up syslogd again so only 1 is running.
Tried:
logger -p mail.crit "Test"
.... since my /etc/syslog.conf has the following entry:
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
.... but nothing is written on /var/adm/messages
noone
6/3/2004 12:49:30 AM
noone <noone@noone.org> writes:
>I then noticed that there are multiple syslog processes running.
>/etc/init.d/syslog/stop does not actually stop syslogd
>/etc/init.d/syslog/start starts up a new syslog process.
I suggest you carefully check your syslogd. Perhaps you have been
hacked, and are running a trojan.
Neil
6/3/2004 2:23:04 AM
noone wrote:
> Kernel 108528-20
>
> For a few days already, I noticed that nothing is being written to
> /var/adm/messages
> And all the rolled over files ( /var/adm/messages.[0-9] ) have a size of
> zero bytes.
> Tried restarting syslog several times ( /etc/init.d/syslog stop;
> /etc/init.d/syslog start )
>
> I then noticed that there are multiple syslog processes running.
> /etc/init.d/syslog/stop does not actually stop syslogd
> /etc/init.d/syslog/start starts up a new syslog process.
>
> So I killed all syslogd processes, and started up syslogd again so only
> 1 is running.
> Tried:
>
> logger -p mail.crit "Test"
>
> ... since my /etc/syslog.conf has the following entry:
>
> *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
>
>
> ... but nothing is written on /var/adm/messages
>
>
>
>
Try starting syslogd from the console with the debug flag.
Matty
6/3/2004 2:26:04 AM
noone wrote:
|> Kernel 108528-20
Somewhat old. On a machine on which I played with 5.8 four months ago
I already have -29.
|> .... but nothing is written on /var/adm/messages
Is there any free space left on that file system?
--
"I'm a doctor, not a mechanic." Dr Leonard McCoy <mccoy@ncc1701.starfleet.fed>
"I'm a mechanic, not a doctor." Volker Borchert <v_borchert@despammed.com>
v_borchert
6/3/2004 3:15:26 AM
Matty wrote:
> noone wrote:
>
>> Kernel 108528-20
>>
>> For a few days already, I noticed that nothing is being written to
>> /var/adm/messages
>> And all the rolled over files ( /var/adm/messages.[0-9] ) have a size
>> of zero bytes.
>> Tried restarting syslog several times ( /etc/init.d/syslog stop;
>> /etc/init.d/syslog start )
>>
>> I then noticed that there are multiple syslog processes running.
>> /etc/init.d/syslog/stop does not actually stop syslogd
>> /etc/init.d/syslog/start starts up a new syslog process.
>>
>> So I killed all syslogd processes, and started up syslogd again so
>> only 1 is running.
>> Tried:
>>
>> logger -p mail.crit "Test"
>>
>> ... since my /etc/syslog.conf has the following entry:
>>
>> *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
>>
>>
>> ... but nothing is written on /var/adm/messages
>>
>>
>>
>>
>
> Try starting syslogd from the console with the debug flag.
All I get is:
main(1): Started at time Thu Jun 3 15:12:47 2004
hnc_init(1): hostname cache configured 128 entry ttl:600
getnets(1): found 1 addresses, they are: 0.0.0.0.2.2
amiloghost(1): testing 10.0.21.16.2.2
conf_init(1): I am loghost
cfline(1): (*.err;kern.notice;auth.notice /dev/sysmsg)
cfline(1): (*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages)
cfline(1): (*.alert;kern.err;daemon.err operator)
cfline(1): (*.alert root)
cfline(1): (*.emerg *)
cfline(1): (mail.debug /var/log/syslog)
cfline(1): (user.err /dev/console)
noone
6/3/2004 5:13:50 AM
Neil W Rickert wrote:
> noone <noone@noone.org> writes:
>
>
>>I then noticed that there are multiple syslog processes running.
>>/etc/init.d/syslog/stop does not actually stop syslogd
>>/etc/init.d/syslog/start starts up a new syslog process.
>
>
> I suggest you carefully check your syslogd. Perhaps you have been
> hacked, and are running a trojan.
>
I checked it against Sun's Solaris FingerPrint Database, and it matches:
60689abda0b5abf9e841c0b3fb7abc7d - (/usr/sbin/syslogd) - 1 match(es)
* canonical-path: /usr/sbin/syslogd
* package: SUNWcsu
* version: 11.8.0,REV=2000.01.08.18.12
* architecture: sparc
* source: Solaris 8/SPARC
* patch: 110945-07
noone
6/3/2004 5:25:37 AM
Volker Borchert wrote:
> noone wrote:
>
> |> Kernel 108528-20
>
> Somewhat old. On a machine on which I played with 5.8 four months ago
> I already have -29.
>
> |> .... but nothing is written on /var/adm/messages
>
> Is there any free space left on that file system?
>
Yes, there is:
/dev/md/dsk/d2 1987399 1157569 770209 61% /var
noone
6/3/2004 5:26:44 AM
Hmm... Try these:
A little sanity check:
Make sure the following files exist (not sure if syslog still uses
these or not but...)
/etc/.syslog_door should be a link to
/var/run/syslog_door
/dev/log
Okay, now open two terminal windows and in one run the following command:
truss -fp $(pgrep syslogd)
And in the other run your logger command.
Once you run the logger command, you SHOULD see output from your truss
command. This should indicate that something is talking to the daemon.
Hopefully you will see some errors... if you do, report them back.
If you don't get anything useful back, try running syslogd with the -d
flag and then send a logger command at it and watch what syslogd reports.
--Brett
noone <noone@noone.org> wrote:
> Kernel 108528-20
> For a few days already, I noticed that nothing is being written to /var/adm/messages
> And all the rolled over files ( /var/adm/messages.[0-9] ) have a size of zero bytes.
> Tried restarting syslog several times ( /etc/init.d/syslog stop; /etc/init.d/syslog start )
> I then noticed that there are multiple syslog processes running.
> /etc/init.d/syslog/stop does not actually stop syslogd
> /etc/init.d/syslog/start starts up a new syslog process.
> So I killed all syslogd processes, and started up syslogd again so only 1 is running.
> Tried:
> logger -p mail.crit "Test"
> ... since my /etc/syslog.conf has the following entry:
> *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
> ... but nothing is written on /var/adm/messages
foo
6/3/2004 4:28:03 PM
noone <noone@noone.org> wrote in message news:<uAuvc.3193$rz4.2114@news-server.bigpond.net.au>...
> Kernel 108528-20
>
> For a few days already, I noticed that nothing is being written to /var/adm/messages
> And all the rolled over files ( /var/adm/messages.[0-9] ) have a size of zero bytes.
> Tried restarting syslog several times ( /etc/init.d/syslog stop; /etc/init.d/syslog start )
>
> I then noticed that there are multiple syslog processes running.
> /etc/init.d/syslog/stop does not actually stop syslogd
> /etc/init.d/syslog/start starts up a new syslog process.
>
> So I killed all syslogd processes, and started up syslogd again so only 1 is running.
> Tried:
>
> logger -p mail.crit "Test"
>
> ... since my /etc/syslog.conf has the following entry:
>
> *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
>
>
> ... but nothing is written on /var/adm/messages
In addition to the post about running syslogd in debug mode I would check
to see if there are any spaces between the fields above as /etc/syslog.conf
is TAB separated. Finally if all else fails maybe try running
"truss -o /tmp/syslog.out -f /usr/sbin/syslogd" and see if anything
interesting is in /tmp/syslog.out.
Troy
tlc
6/3/2004 7:24:32 PM
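The TAB-separation check suggested in the post above can be automated before restarting syslogd. This is an added example, not part of the original thread: `lint_syslog_conf` and `sample_conf` are hypothetical names, the sample config is constructed, and the script assumes m4 wrapper lines start with `ifdef(` or `)`.

```shell
#!/bin/sh
# Added example (not from the thread): report syslog.conf rules whose
# selector and action are not separated by a TAB.

# Constructed sample config. Line 3 uses spaces instead of a TAB.
sample_conf() {
    printf '# constructed sample config\n'
    printf '*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages\n'
    printf 'mail.debug    /var/log/syslog\n'
    printf "ifdef(\`LOGHOST', ,\n"
    printf 'user.err\t/dev/console\n'
    printf ')\n'
}

# Reads the named files (or stdin) and prints "<line number>: <line>" for
# every rule that has no TAB, or that has a space before its first TAB.
lint_syslog_conf() {
    awk '
        /^[ \t]*$/ || /^[ \t]*#/ { next }   # blank lines and comments
        /^ifdef\(/ || /^\)/      { next }   # assumed m4 wrapper lines, no rule on them
        {
            tab = index($0, "\t")
            selector = (tab > 0) ? substr($0, 1, tab - 1) : $0
            if (tab == 0 || selector ~ / /)
                printf "%d: %s\n", NR, $0
        }
    ' "$@"
}

# Stand-alone run against the constructed sample.
sample_conf | lint_syslog_conf
```

On a real host the function would be pointed at the file directly, for example `lint_syslog_conf /etc/syslog.conf`; empty output means every rule line contains a TAB after its selector.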
noone wrote:
> Kernel 108528-20
>
> For a few days already, I noticed that nothing is being written to
> /var/adm/messages
> And all the rolled over files ( /var/adm/messages.[0-9] ) have a size of
> zero bytes.
> Tried restarting syslog several times ( /etc/init.d/syslog stop;
> /etc/init.d/syslog start )
>
> I then noticed that there are multiple syslog processes running.
> /etc/init.d/syslog/stop does not actually stop syslogd
> /etc/init.d/syslog/start starts up a new syslog process.
>
> So I killed all syslogd processes, and started up syslogd again so only
> 1 is running.
> Tried:
>
> logger -p mail.crit "Test"
>
> ... since my /etc/syslog.conf has the following entry:
>
> *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
>
>
> ... but nothing is written on /var/adm/messages
>
>
The offending line was:
user.err /dev/console
After logging a case with Sun, they said:
From the truss output, we suspect syslogd was not able to open /dev/console.
1)
truss:
16732: stat64("/dev/console", 0xFFBEF510) = 0
16732: open64("/dev/console", O_WRONLY|O_APPEND|O_NOCTTY) (sleeping...)
Now removing that line made syslogd log again ( or using the original syslog.conf from CD ).
However, if I add that same offending line within the "ifdef(`LOGHOST', ,)", syslogd still works.
The same host is loghost as well as defined in /etc/hosts.
averageuser
6/16/2004 2:54:53 AM
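The truss finding in the post above (an `open64` on `/dev/console` that goes to sleep and never returns) is the kind of stall that silently stops a logging daemon. The following added example, not part of the original thread, scans saved truss output for calls that are still sleeping at the end of the trace. `stuck_calls` and `sample_trace` are hypothetical names; the sample trace is constructed, except for the two `/dev/console` lines taken from the post, and it assumes truss prints a call again with its return value once it wakes up.

```shell
#!/bin/sh
# Added example (not from the thread): list system calls that truss showed
# as "(sleeping...)" and that never completed before the trace ended.

# Constructed trace. Only the two /dev/console lines come from the post.
sample_trace() {
    cat <<'EOF'
16740: read(0, 0xFFBEF000, 1024) (sleeping...)
16732: open("/etc/syslog.conf", O_RDONLY) = 3
16740: read(0, "Test\n", 1024) = 5
16732: stat64("/dev/console", 0xFFBEF510) = 0
16732: open64("/dev/console", O_WRONLY|O_APPEND|O_NOCTTY) (sleeping...)
EOF
}

# Reads truss -f output from the named files (or stdin) and prints
# "<pid> <call>" for each process whose last traced call is still asleep.
stuck_calls() {
    awk '
        $1 ~ /^[0-9]+:$/ {
            pid = $1
            sub(/:$/, "", pid)
            if ($0 ~ /\(sleeping\.\.\.\)[ \t]*$/) {
                call = $0
                sub(/^[0-9]+:[ \t]*/, "", call)
                sub(/[ \t]*\(sleeping\.\.\.\)[ \t]*$/, "", call)
                pending[pid] = call        # remember the blocked call
            } else {
                delete pending[pid]        # any later line means it woke up
            }
        }
        END { for (p in pending) printf "%s %s\n", p, pending[p] }
    ' "$@" | sort -n
}

# Stand-alone run against the constructed sample.
sample_trace | stuck_calls
```

With the file from the earlier suggestion in this thread, the call would be `stuck_calls /tmp/syslog.out`.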
I still have the same problem.
No output in /var/adm/messages.
Please help.
averageuser wrote:
> noone wrote:
>
>> Kernel 108528-20
>>
>> For a few days already, I noticed that nothing is being written to
>> /var/adm/messages
>> And all the rolled over files ( /var/adm/messages.[0-9] ) have a size
>> of zero bytes.
>> Tried restarting syslog several times ( /etc/init.d/syslog stop;
>> /etc/init.d/syslog start )
>>
>> I then noticed that there are multiple syslog processes running.
>> /etc/init.d/syslog/stop does not actually stop syslogd
>> /etc/init.d/syslog/start starts up a new syslog process.
>>
>> So I killed all syslogd processes, and started up syslogd again so
>> only 1 is running.
>> Tried:
>>
>> logger -p mail.crit "Test"
>>
>> ... since my /etc/syslog.conf has the following entry:
>>
>> *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
>>
>>
>> ... but nothing is written on /var/adm/messages
>>
>>
>
> The offending line was:
>
> user.err /dev/console
>
> After logging a case with Sun, they said:
>
> From the truss output, we suspect syslogd was not able to open
> /dev/console.
> 1)
> truss:
> 16732: stat64("/dev/console", 0xFFBEF510) = 0
> 16732: open64("/dev/console", O_WRONLY|O_APPEND|O_NOCTTY) (sleeping...)
>
>
> Now removing that line made syslogd log again ( or using the original
> syslog.conf from CD ).
> However, if I add that same offending line within the "ifdef(`LOGHOST',
> ,)", syslogd still works.
> The same host is loghost as well as defined in /etc/hosts.
>
>
>
>
>
>
>
>
Jordan
6/16/2004 3:04:18 PM
averageuser wrote:
> The offending line was:
>
> user.err /dev/console
>
> After logging a case with Sun, they said:
>
> From the truss output, we suspect syslogd was not able to open
> /dev/console.
> 1)
> truss:
> 16732: stat64("/dev/console", 0xFFBEF510) = 0
> 16732: open64("/dev/console", O_WRONLY|O_APPEND|O_NOCTTY) (sleeping...)
>
>
> Now removing that line made syslogd log again ( or using the original
> syslog.conf from CD ).
> However, if I add that same offending line within the "ifdef(`LOGHOST',
> ,)", syslogd still works.
> The same host is loghost as well as defined in /etc/hosts.
>
Was told that the logic is, if it is LOGHOST, then ignore the entries within "ifdef".
That's why it was working.
averageuser
6/16/2004 10:55:39 PM