CentOS 6.2, bind 9.7.3, rsyslog 4.6.2
I recently set up a server, and I noticed that named had stopped logging to /var/log/messages after the logs had rotated. I thought that was odd, since all logging happens through rsyslog and named doesn't write directly to the log file.
It was even more odd because I had HUPed named after updating a zone file, and it still wasn't logging.
After I stopped and restarted named, logging resumed.
What's going on here? The syslog PID hasn't changed (/var/run/syslogd.pid matches the PID shown in ps). Is rsyslog opening a new socket when logrotate rotates its logs and HUPs it?
/etc/logrotate.d/syslog:
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
And rsyslogd continues logging after the rotate — it's just named (and possibly other services) that aren't connecting to rsyslogd correctly. Here's /var/log/messages-20120212:
Feb 5 04:45:03 linus kernel: imklog 4.6.2, log source = /proc/kmsg started.
Feb 5 04:45:03 linus rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="1178" x-info="http://www.rsyslog.com"] (re)start
Feb 9 16:16:29 linus yum[13028]: Installed: 2:vim-minimal-7.2.411-1.6.el6.i686
Feb 12 04:09:22 linus rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="1178" x-info="http://www.rsyslog.com"] rsyslogd was HUPed, type 'restart'.
Feb 12 04:09:22 linus kernel: Kernel logging (proc) stopped.
And I'm only running rsyslogd (which for some reason saves its PID in /var/run/syslogd.pid):
root 1178 0.0 0.1 29496 1488 ? Sl Jan29 0:20 /sbin/rsyslogd -i /var/run/syslogd.pid -c 4
root 5960 0.0 0.0 2300 504 pts/0 S+ 17:45 0:00 grep syslog
Best Answer
I suppose you're using chrooted bind. You have to add this line to the rsyslog.conf:
$AddUnixListenSocket /var/named/chroot/dev/log
Make sure you use right path to the chrooted dev on your system.
Luf