Topic: nothing in /var/log/messages

I've been noticing that the /var/log/messages is empty on a 7.2-RELEASE-p1 machine I'm running.
It hasn't always been like this, however I'm not sure why it started occurring.

On other machines, when someone does an 'su' to root, it creates a log entry, but not on this problem server.

I've tried, deleting and recreating the file, restarting syslogd.....nothing

Some Details:

[root@fire ~]# ps -aux | grep syslog
root    75635  0.0  0.1  5692  1380  ??  Ss    4:32PM   0:00.01 /usr/sbin/syslogd -c

[root@fire ~]# ls -lh /var/log/messages
-rw-r--r--  1 root  wheel     0B Mar 17 16:23 /var/log/messages

[root@fire ~]# grep messages /etc/newsyslog.conf 
/var/log/messages                       644  7     400  *      C

[root@fire ~]# logger -p local3.notice testingthisout
--no log entry, but it does log on all my other 6 servers

[root@fire /var/log]# cat /etc/syslog.conf 
# $FreeBSD: src/etc/syslog.conf,v 2008/11/25 02:59:29 kensmith Exp $

*.err;kern.warning;auth.notice;mail.crit                /dev/console

*.notice;authpriv.none;kern.debug;;mail.crit;news.err;pdns.none /var/log/messages

security.*                                      /var/log/security;                         /var/log/auth.log                                       /var/log/maillog                                        /var/log/lpd-errs                                        /var/log/xferlog
cron.*                                          /var/log/cron
*.=debug                                        /var/log/debug.log
*.emerg                                         *

# uncomment this to log all writes to /dev/console to /var/log/console.log                                   /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
#*.*                                            /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.*                                            @loghost
# uncomment these if you're running inn
# news.crit                                     /var/log/news/news.crit
# news.err                                      /var/log/news/news.err
# news.notice                                   /var/log/news/news.notice

*.*                                             /var/log/slip.log

*.*                                             /var/log/ppp.log

*.*                                             /var/log/pdns.log

Re: nothing in /var/log/messages

pdns.none in your sysctl.conf doesn't seem right, you can't add custom facility names to syslog.

Trust me, I know what I'm doing.

Re: nothing in /var/log/messages

!name notation tells syslog to look for log entries from a specific process <name>, and then send those entries to a specific log.  Oh, wait, nevermind.  You were talking about the pdns.none entry in a line at the top.  Yeah, that would be an issue.

We used this back in the day to get IPFW logs into a separate firewall.log.

Usually, when you get empty logs, it means that syslog has become confused, and simply restarting it will get things working again.  However, if you've already done that, then it's something else.

Backup /etc/syslog.conf and replace it with one from a working server.  Or, at least, compare it to one from a working server.

[Edit:  secondthird sentences added]

Last edited by phoenix (2010-04-03 02:31:16)