Syslog not logging – Valuable Tech Notes

My syslog setup has been happily running for years, and suddenly I cannot log anything at all.

With the default configuration I test logging by running a PHP script:

php -r "syslog(LOG_NOTICE,'Test message');"

Also, using the logger command:

/usr/bin/logger -s "Test message"

On an identical healthy server bother commands write lines to /var/log/messages. On the bad server I get nothing:

rsyslogd service is running
Nothing is logged to /var/log/messages except the systemd restart messages
Running rsyslogd -nd in the foreground, I get no debug output at all when the above command is run.
Running rsyslogd -N1 to check syntax I get no config errors

I'm running rsyslogd 8.24.0-34.el7 on CentOS 7

What could be preventing the system from receiving messages?

Update: After resorting to a machine restart this fixed itself.

It also flushed out a bunch of repeated errors from the previous days like this:

rsyslogd: sd_journal_get_cursor() failed: 'Cannot assign requested address'  [v8.24.0-34.el7]
rsyslogd: imjournal: journal reloaded... [v8.24.0-34.el7 try http://www.rsyslog.com/e/0 ]

Best Answer

What could be preventing the system from receiving messages? may be no free disk space available

The error appears when the logs are rotated.

This is a bug in rsyslog v8.24.0-34.el7 - update to the latest current version.

or, you may comment it out in the /etc/rsyslog.conf file

$ModLoad imjournal
$IMJournalStateFile imjournal.state

Add

module (load= "imjournal" StateFile= "imjournal.state" WorkAroundJournalBug= " on")

and restart service rsyslog

Best Answer

Related Solutions

How to keep haproxy log messages out of /var/log/syslog

Postgresql – syslog writing to general instead of specific file

Related Topic