darwin7

Active Member
Jun 9, 2011
36
4
58
Milan
cPanel Access Level
Root Administrator
Good morning
I received an lfd message ("SYSLOG Check Failed") reporting that syslog is not working properly.

I checked the service and it seem running and working:
[email protected] [~] # service rsyslog status
Redirecting to /bin/systemctl status rsyslog.service
● rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2018-12-10 09:25:41 CET; 3min 4s ago
Main PID: 595937 (rsyslogd)
CGroup: /system.slice/rsyslog.service
└─595937 /usr/sbin/rsyslogd -n
I also tried to manually add an entry:
[email protected] [~] # logger -p auth.notice "log test"
[email protected] [~] # grep "log test" /var/log/messages
[email protected] [~] #
...but I had nothing in return.

Then, I've seen that /var/log/messages is empty. Not sure that this is normal.

Finally:
1) the server is a newly setup server. syslog never worked well on this machine
2) checked /etc/rsyslog.conf and verified that it is identical to same file (/etc/rsyslog.conf) on other servers.


Please, what can I do?
Thank you
 
Last edited:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,262
313
Houston
Hi @darwin7


While I do want to point out that this question is more geared towards a system administrator. I'd like to see if it's a simple fix. Can you show me what the following two lines look like in /etc/ryslog.conf?

Code:
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
You can find this easily by running the following:
Code:
[[email protected] dynamicui]# egrep 'imuxsock|imjournal' /etc/rsyslog.conf |grep ModLoad
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
 

darwin7

Active Member
Jun 9, 2011
36
4
58
Milan
cPanel Access Level
Root Administrator
Hi @cPanelLauren

no longer need to check, because yesterday rsyslog started to work normally.

I investigated further, but unfortunately I was unable to understand what happened and why it fixed itself after >10 days of problems.

Thank you for your help :)
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,262
313
Houston
Hi @darwin7

That's odd! I'm glad it's working as intended now, thanks for letting us know. If you do run into any further issues with it let us know and we'll help as best we can.

Thanks!
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,262
313
Houston
Hello @IMH-2018


Does it begin writing to messages or maillog if you restart it? What OS are you running? What is the output of the following:

Code:
[[email protected] dynamicui]# egrep 'imuxsock|imjournal' /etc/rsyslog.conf |grep ModLoad
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
 

IMH-2018

Registered
Aug 12, 2018
4
0
1
atlanta
cPanel Access Level
Root Administrator
Hello,

I didnt try restarting the server.
I am using Cloudlinux release 7.6

And the output.....
iam1.jpeg

are there any new update to resolve this issue
 
Last edited by a moderator:

Major Tom

Member
Apr 25, 2005
10
1
151
I have the same issue for quite a while now (WHM 82.0.16 centos 7.7), however rebooting is of no use. I have the required entries in rsyslog.conf. Actually I have managed to kind of solve the issue by commenting out $OmitLocalLogging on and was wondering what the drawbacks are of leaving this fix in place.
I have tried no end of solutions to get rsyslog to pull entries from the journal, including restarts of all related services, erasing the rsyslog state file, rotating the journal files and turning compress off which I was hoping would fix the file corruption that 'journalctl --verify' finds in the current journald file ("entry timestamp out of synchronization"). Journald works fine and displays logs regardless of the corruption issue but rsyslog cannot pull entries from it. Even if I erase or vacuum the current journald file, corruption reappears in the new file yet journald works fine and picks up logger command tests. Nothing appears in any of the files stated in the rsyslog configuration (messages, maillog etc).
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,262
313
Houston
Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!
 

Major Tom

Member
Apr 25, 2005
10
1
151
Thank you for your reply, I cannot follow that solution because of the license-type. As far as I understand it, I should be helped by the reseller but they are unhelpful.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,262
313
Houston
If you have root-level access and you're unable to receive assistance from your provider you can still open a ticket with us. We do recommend you contact your provider first and we note that when you're opening the ticket but you can move past that screen.