darwin7

Active Member
Jun 9, 2011
36
4
58
Milan
cPanel Access Level
Root Administrator
Good morning
I received an lfd message ("SYSLOG Check Failed") reporting that syslog is not working properly.

I checked the service and it seems to be running and working:
[email protected] [~] # service rsyslog status
Redirecting to /bin/systemctl status rsyslog.service
● rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2018-12-10 09:25:41 CET; 3min 4s ago
Main PID: 595937 (rsyslogd)
CGroup: /system.slice/rsyslog.service
└─595937 /usr/sbin/rsyslogd -n
I also tried to manually add an entry:
[email protected] [~] # logger -p auth.notice "log test"
[email protected] [~] # grep "log test" /var/log/messages
[email protected] [~] #
...but I had nothing in return.

Then, I've seen that /var/log/messages is empty. Not sure that this is normal.

Finally:
1) the server is a newly setup server. syslog never worked well on this machine
2) checked /etc/rsyslog.conf and verified that it is identical to the same file (/etc/rsyslog.conf) on other servers.


Please, what can I do?
Thank you
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,300
363
Houston
Hi @darwin7


While I do want to point out that this question is more geared towards a system administrator, I'd like to see if it's a simple fix. Can you show me what the following two lines look like in /etc/rsyslog.conf?

Code:
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
You can find this easily by running the following:
Code:
[[email protected] dynamicui]# egrep 'imuxsock|imjournal' /etc/rsyslog.conf |grep ModLoad
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
 

darwin7

Hi @cPanelLauren

No longer need to check, because yesterday rsyslog started to work normally.

I investigated further, but unfortunately I was unable to understand what happened and why it fixed itself after >10 days of problems.

Thank you for your help :)
 

cPanelLauren

Hi @darwin7

That's odd! I'm glad it's working as intended now, thanks for letting us know. If you do run into any further issues with it let us know and we'll help as best we can.

Thanks!
 

cPanelLauren

Hello @IMH-2018


Does it begin writing to messages or maillog if you restart it? What OS are you running? What is the output of the following:

Code:
[[email protected] dynamicui]# egrep 'imuxsock|imjournal' /etc/rsyslog.conf |grep ModLoad
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
 

IMH-2018

Registered
Aug 12, 2018
4
0
1
atlanta
cPanel Access Level
Root Administrator
Hello,

I didn't try restarting the server.
I am using Cloudlinux release 7.6

And the output.....
iam1.jpeg

Are there any new updates to resolve this issue?
 

Major Tom

Member
Apr 25, 2005
10
1
151
I have had the same issue for quite a while now (WHM 82.0.16, CentOS 7.7); however, rebooting is of no use. I have the required entries in rsyslog.conf. Actually I have managed to kind of solve the issue by commenting out $OmitLocalLogging on and was wondering what the drawbacks are of leaving this fix in place.
I have tried no end of solutions to get rsyslog to pull entries from the journal, including restarts of all related services, erasing the rsyslog state file, rotating the journal files and turning compress off which I was hoping would fix the file corruption that 'journalctl --verify' finds in the current journald file ("entry timestamp out of synchronization"). Journald works fine and displays logs regardless of the corruption issue but rsyslog cannot pull entries from it. Even if I erase or vacuum the current journald file, corruption reappears in the new file yet journald works fine and picks up logger command tests. Nothing appears in any of the files stated in the rsyslog configuration (messages, maillog etc).
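
Added example, not part of the posts above and not cPanel's or rsyslog's own tooling: a shell check for the configuration discussed in this thread. It reads the legacy-syntax directives quoted in the posts (`$ModLoad imuxsock`, `$ModLoad imjournal`, `$OmitLocalLogging on`) and reports which local inputs rsyslog is left with; the function names, result labels and sample files are this example's own.

```shell
#!/bin/sh
# Added example: which local-log inputs does a legacy-syntax rsyslog config enable?
# Usage: rsyslog_local_inputs /etc/rsyslog.conf [more config files...]

# True when an uncommented line in the given files sets the directive.
# $1 is an extended regex for the directive; remaining arguments are files.
directive_set() {
    pattern=$1; shift
    # Strip comments first so "#$OmitLocalLogging on" does not count as set.
    sed -e 's/#.*$//' "$@" |
        grep -Eiq "^[[:space:]]*${pattern}([[:space:]]|\$)"
}

rsyslog_local_inputs() {
    socket=no; journal=no
    # imuxsock only receives local messages if $OmitLocalLogging is not on.
    if directive_set '\$ModLoad[[:space:]]+imuxsock' "$@" &&
       ! directive_set '\$OmitLocalLogging[[:space:]]+on' "$@"; then
        socket=yes
    fi
    if directive_set '\$ModLoad[[:space:]]+imjournal' "$@"; then
        journal=yes
    fi
    case "$socket/$journal" in
        yes/yes) echo "socket+journal" ;;  # both inputs active
        yes/no)  echo "socket" ;;          # classic syslog socket only
        no/yes)  echo "journal-only" ;;    # everything depends on imjournal
        *)       echo "none" ;;            # no local input configured
    esac
}

# Constructed sample configs (not taken from any server in the thread).
sample=$(mktemp)
printf '%s\n' \
    '$ModLoad imuxsock # provides support for local system logging' \
    '$ModLoad imjournal # provides access to the systemd journal' \
    '$OmitLocalLogging on' > "$sample"
echo "all three directives set: $(rsyslog_local_inputs "$sample")"

printf '%s\n' \
    '$ModLoad imuxsock' \
    '$ModLoad imjournal' \
    '#$OmitLocalLogging on' > "$sample"
echo "OmitLocalLogging commented out: $(rsyslog_local_inputs "$sample")"
rm -f "$sample"
```

A result of `journal-only` means every local message, including `logger` tests, has to arrive through imjournal, so a journal that rsyslog cannot read leaves /var/log/messages empty even though the service shows as running.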
 

cPanelLauren

Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!
 

Major Tom

Thank you for your reply, I cannot follow that solution because of the license-type. As far as I understand it, I should be helped by the reseller but they are unhelpful.
 

cPanelLauren

If you have root-level access and you're unable to receive assistance from your provider, you can still open a ticket with us. We do recommend you contact your provider first, and we note that when you're opening the ticket, but you can move past that screen.