Syslog and/or logrotate problem
Jeremy Fowler
jfowler at westrope.com
Fri Oct 25 15:54:41 CDT 2002
> [root at ray logrotate.d]# cat /etc/logrotate.conf
> # see "man logrotate" for details
> # rotate log files weekly
> daily
You may have a problem here, you will be rotating your logs once a day and only
keep 4 days worth of info. I hope this is just set to 'daily' for testing
purposes and should be set back to 'weekly' afterwards.
> [root at ray logrotate.d]# cat syslog
> /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler
> /var/log/boot.log /var/log/cron {
> sharedscripts
> postrotate
> /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null
> || true
> endscript
> }
First check to see if /var/run/syslogd.pid contains the actual PID of syslogd:
#ps ax |grep syslogd
353 ? S 10:09 syslogd -m 0
#cat /var/run/syslogd.pid
353
If not stop syslogd (/etc/rc.d/init.d/syslogd stop), delete
/var/run/syslogd.pid, and start syslogd again.(/etc/rc.d/init.d/syslogd start).
Check the pids again to see if they match.
If they match, try running the kill -HUP command from the command prompt to see
if it is working, but remove the stderr redirect to /dev/null:
So run this from the command prompt and see if you get any errors:
#/bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null`
Also, make sure that if you are using any kernel security patches (GRSecurity,
LIDS, etc.) that you have your ACLS setup correctly.
More information about the Kclug
mailing list