Syslog not logging anything; /var/log/syslog is empty

sendmail syslog

Recently sendmail stopped accepting messages for delivery on my Solaris 10 x86 machine. I am trying to diagnose the problem but syslog doesn't seem to be working either. My /etc/syslog.conf:

#ident  "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words.  Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice                   /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages

*.alert;kern.err;daemon.err                     operator
*.alert                                         root

*.emerg                                         *

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)
auth.info               /var/log/authlog

mail.info               /var/log/maillog


#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err                                        /dev/sysmsg
user.err                                        /var/adm/messages
user.alert                                      `root, operator'
local7.debug                                    /var/log/mimedefang
user.emerg                                      *
)

/var/log/authlog works. So does /var/log/mimedefang and /var/adm/messages. However, /var/log/syslog is empty and the last line in /var/log/syslog.0 is from over a month ago. /var/log/maillog is also empty. I have restarted system-log and sendmail multiple times using svcadm. Is there something wrong with my syslog.conf?


As @MadHatter states above, syslog.conf does not mention /var/log/syslog anywhere. Therefore, no logs will be written to /var/log/syslog.

If I remember right, most Solaris systems had a line which looks like this in syslog.conf:

mail.info                     ifdef(`LOGHOST', /var/log/syslog, @loghost)

OR

mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)

OR

mail.info                     /var/log/syslog

My /etc/syslog.conf (andLinux) contains 

*.*;auth,authpriv.none          -/var/log/syslog

The one you posted doesn't mention /var/log/syslog.


For me the solution was: At some point the old kernel logger daemon got upgraded to rsyslogd. When this happened the logs owned by “messagebus” got left owned by "messagebus", but couldn't be written to by "syslog".

Changing ownsership of these logs to "syslog" and restarting syslogd was sufficient to fix.

Related

Disconnect vs SIgn Out on Windows RDC
Remote VPN - two-factor authentication with Cisco ASA + OpenLDAP
how to monitor select processes on centos 5.x host?
Reduce number of Apache processes
Most common Unix/Linux shell
Reporting Penetration Attempts to My Server
Can I safely create new Virtual Machines from copies of VHD without sysprep?
Only allow owner to delete file in shared network drive Windows
Why am I only achieving 2.5Gbps over a 10Gbe direct connection between 2 machines?
RAM disk and physical RAID
no disk io but iowait very high
filtering event logs with specific TIME range of ANY day