Syslog not logging anything; /var/log/syslog is empty

Recently sendmail stopped accepting messages for delivery on my Solaris 10 x86 machine. I am trying to diagnose the problem but syslog doesn't seem to be working either. My /etc/syslog.conf:

#ident  "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words.  Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice                   /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages

*.alert;kern.err;daemon.err                     operator
*.alert                                         root

*.emerg                                         *

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)
auth.info               /var/log/authlog

mail.info               /var/log/maillog


#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err                                        /dev/sysmsg
user.err                                        /var/adm/messages
user.alert                                      `root, operator'
local7.debug                                    /var/log/mimedefang
user.emerg                                      *
)

/var/log/authlog works. So does /var/log/mimedefang and /var/adm/messages. However, /var/log/syslog is empty and the last line in /var/log/syslog.0 is from over a month ago. /var/log/maillog is also empty. I have restarted system-log and sendmail multiple times using svcadm. Is there something wrong with my syslog.conf?


As @MadHatter states above, syslog.conf does not mention /var/log/syslog anywhere. Therefore, no logs will be written to /var/log/syslog.

If I remember right, most Solaris systems had a line which looks like this in syslog.conf:

mail.info                     ifdef(`LOGHOST', /var/log/syslog, @loghost)

OR

mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)

OR

mail.info                     /var/log/syslog

My /etc/syslog.conf (andLinux) contains

*.*;auth,authpriv.none          -/var/log/syslog

The one you posted doesn't mention /var/log/syslog.


For me the solution was: At some point the old kernel logger daemon got upgraded to rsyslogd. When this happened the logs owned by “messagebus” got left owned by "messagebus", but couldn't be written to by "syslog".

Changing ownsership of these logs to "syslog" and restarting syslogd was sufficient to fix.