syslog not working in VPS [message #39787] |
Wed, 02 June 2010 09:16 |
jvegaseg
Messages: 9 Registered: June 2010
|
Junior Member |
|
|
I have 3 VPS in with Centos 5.4 64 bits and uname -a reports: Linux develop 2.6.18-164.15.1.el5.028stab068.9 #1 SMP Tue Mar 30 18:07:38 MSD 2010 x86_64 x86_64 x86_64 GNU/Linux
The problems is that dmesg shows nothing in the 3 VPS's and some applications which were reporting in /var/log/messages are not reporting now.
I HN dmesg is working well.
Another issue with that is that iptables is not logging in /var/log/messages. My iptables rules are:
iptables -A INPUT -j LOG --log-prefix '** IPTABLES **' --log-level 4
iptables -A OUTPUT -j LOG --log-prefix '** IPTABLES **' --log-level 4
I was googleing a lot and I could not find any answer.
People could you help me?
[Updated on: Wed, 02 June 2010 09:17] Report message to a moderator
|
|
|
|
Re: syslog not working in VPS [message #39883 is a reply to message #39880] |
Tue, 15 June 2010 07:13 |
khorenko
Messages: 533 Registered: January 2006 Location: Moscow, Russia
|
Senior Member |
|
|
Hi,
i guess you have to configure and enable service "syslogd" inside a Container, it is disabled by default.
--
Konstantin
If your problem is solved - please, report it!
It's even more important than reporting the problem itself...
|
|
|
Re: syslog not working in VPS [message #39885 is a reply to message #39883] |
Tue, 15 June 2010 08:21 |
jvegaseg
Messages: 9 Registered: June 2010
|
Junior Member |
|
|
syslogd is running:
[root@develop etc]# service syslog status
syslogd (pid 15479) is running...
klogd (pid 15500) is running...
[root@develop etc]#
And the config file is:
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
And syslog service starts when VPS stars.
Any clue?
[Updated on: Fri, 18 June 2010 07:06] Report message to a moderator
|
|
|
|
Re: syslog not working in VPS [message #39918 is a reply to message #39902] |
Wed, 23 June 2010 14:34 |
khorenko
Messages: 533 Registered: January 2006 Location: Moscow, Russia
|
Senior Member |
|
|
Hi,
you need to do several things in order to collect messages inside a Container:
1) install klogd. In my case it was a part of "sysklogd" package and was not installed by default.
[root@dhcp-10-30-19-35 run]# rpm -qf `which klogd`
sysklogd-1.4.1-46.el5
[root@dhcp-10-30-19-35 run]# cat /etc/*rele*
CentOS release 5.4 (Final)
2) "syslog" is hacked not to start klogd, so you need to revert the hack.
--- /etc/init.d/syslog.log 2010-06-23 18:22:06.000000000 +0400
+++ /etc/init.d/syslog 2010-06-23 18:22:39.000000000 +0400
@@ -38,14 +38,14 @@ start() {
RETVAL=$?
echo
echo -n $"Starting kernel logger: "
- passed klogd skipped #daemon klogd $KLOGD_OPTIONS
+ daemon klogd $KLOGD_OPTIONS
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/syslog
return $RETVAL
}
stop() {
echo -n $"Shutting down kernel logger: "
- passed klogd skipped #killproc klogd
+ killproc klogd
echo
echo -n $"Shutting down system logger: "
killproc syslogd
@@ -56,7 +56,7 @@ stop() {
}
rhstatus() {
status syslogd
- #status klogd
+ status klogd
}
restart() {
stop
Why it was done so?:
it was done historically in order to maximize the performance: on the one hand you'd better run syslog because it collects a lot of logs from userspace applications, on the other hand messages from kernel most often are useless inside a Container.
Hope that helps.
--
Konstantin
If your problem is solved - please, report it!
It's even more important than reporting the problem itself...
|
|
|
Re: syslog not working in VPS [message #39921 is a reply to message #39918] |
Wed, 23 June 2010 20:02 |
jvegaseg
Messages: 9 Registered: June 2010
|
Junior Member |
|
|
Dear Konstantin, thanks for your answer. As I said before:
1.- Services klogd and syslogd are running:
[root@dialer init.d]# service syslog status
syslogd (pid 30275) is running...
klogd (pid 30278) is running...
2.- Service syslog starts when machine starts and /etc/init.d/syslog seams to be the same as you called "unhacked":
#!/bin/bash
#
# syslog Starts syslogd/klogd.
#
#
# chkconfig: 2345 12 88
# description: Syslog is the facility by which many daemons use to log \
# messages to various system log files. It is a good idea to always \
# run syslog.
### BEGIN INIT INFO
# Provides: $syslog
### END INIT INFO
# Source function library.
. /etc/init.d/functions
RETVAL=0
start() {
[ -x /sbin/syslogd ] || exit 5
[ -x /sbin/klogd ] || exit 5
# Source config
if [ -f /etc/sysconfig/syslog ] ; then
. /etc/sysconfig/syslog
else
SYSLOGD_OPTIONS="-m 0"
KLOGD_OPTIONS="-2"
fi
if [ -z "$SYSLOG_UMASK" ] ; then
SYSLOG_UMASK=077;
fi
umask $SYSLOG_UMASK
echo -n $"Starting system logger: "
daemon syslogd $SYSLOGD_OPTIONS
RETVAL=$?
echo
echo -n $"Starting kernel logger: "
daemon klogd $KLOGD_OPTIONS
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/syslog
return $RETVAL
}
stop() {
echo -n $"Shutting down kernel logger: "
killproc klogd
echo
echo -n $"Shutting down system logger: "
killproc syslogd
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/syslog
return $RETVAL
}
rhstatus() {
status syslogd
status klogd
}
restart() {
stop
start
}
reload() {
RETVAL=1
syslog=`cat /var/run/syslogd.pid 2>/dev/null`
echo -n "Reloading syslogd..."
if [ -n "${syslog}" ] && [ -e /proc/"${syslog}" ]; then
kill -HUP "$syslog";
RETVAL=$?
fi
if [ $RETVAL -ne 0 ]; then
failure
else
success
fi
echo
RETVAL=1
echo -n "Reloading klogd..."
klog=`cat /var/run/klogd.pid 2>/dev/null`
if [ -n "${klog}" ] && [ -e /proc/"${klog}" ]; then
kill -USR2 "$klog";
RETVAL=$?
fi
if [ $RETVAL -ne 0 ]; then
failure
else
success
fi
echo
return $RETVAL
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
rhstatus
;;
restart)
restart
;;
reload)
reload
;;
condrestart)
[ -f /var/lock/subsys/syslog ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart}"
exit 2
esac
exit $?
3.- Some processes write some information in /var/log/messages:
Jun 20 05:36:01 dialer syslogd 1.4.1: restart.
Jun 20 11:09:08 dialer rssh[4059]: setting log facility to LOG_USER
Jun 20 11:09:08 dialer rssh[4059]: allowing scp to all users
Jun 20 11:09:08 dialer rssh[4059]: allowing sftp to all users
Jun 20 11:09:08 dialer rssh[4059]: setting umask to 022
Jun 20 11:09:08 dialer rssh[4059]: chrooting all users to /usr/local/chroot
Jun 20 11:09:08 dialer rssh[4059]: line 52: configuring user XXXX
Jun 20 11:09:08 dialer rssh[4059]: setting XXXX's umask to 022
Jun 20 11:09:08 dialer rssh[4059]: allowing scp to user XXXX
Jun 20 11:09:08 dialer rssh[4059]: allowing sftp to user XXXX
Jun 20 11:09:08 dialer rssh[4059]: chrooting XXXX to /usr/local/chroot
Jun 20 11:09:08 dialer rssh[4059]: chroot cmd line: /usr/local/libexec/rssh_chroot_helper 2 "/usr/libexec/openssh/sftp-server"
4.- dmesg command echoes nothing:
[root@dialer ~]# dmesg
[root@dialer ~]#
5.- Iptables is not logging in /var/log/messages. My iptables rules are:
iptables -A INPUT -j LOG --log-prefix '** IPTABLES **' --log-level 4
iptables -A OUTPUT -j LOG --log-prefix '** IPTABLES **' --log-level 4
Sumary:
a.- It is not a problem of not running the syslog service.
b.- It is a problem of the service itself or a problem of configuration
Please, could you give me any clue?
Thanks in advance
[Updated on: Wed, 23 June 2010 23:34] Report message to a moderator
|
|
|
Re: syslog not working in VPS [message #39925 is a reply to message #39921] |
Thu, 24 June 2010 11:54 |
khorenko
Messages: 533 Registered: January 2006 Location: Moscow, Russia
|
Senior Member |
|
|
May be you have too low printk log levels?
Please, check sysctl "kernel.printk".
On my system it has value = "6 4 1 8"
--
Konstantin
If your problem is solved - please, report it!
It's even more important than reporting the problem itself...
|
|
|
|
|
Re: syslog not working in VPS [message #39945 is a reply to message #39926] |
Tue, 29 June 2010 10:03 |
khorenko
Messages: 533 Registered: January 2006 Location: Moscow, Russia
|
Senior Member |
|
|
Ok,
in case there are no chances to get a look at the node, i suggest another way:
as i've checked and iptables logging works fine for me, i believe this is just some configuration issue.
So, can you please try to reproduce the issue on the clean node and write down all your actions?
i mean - from the very beginning: installing CentOS (which version, how was it installed - which packages, etc.), the process of OpenVZ installation, where did you take the template for your experimental Container, which commands you used to enabled iptables inside a CT, so everything.
After that i'll try to do the very same on my side.
Hope that helps.
--
Konstantin
If your problem is solved - please, report it!
It's even more important than reporting the problem itself...
|
|
|
|
|
|
|
Re: syslog not working in VPS [message #39962 is a reply to message #39945] |
Wed, 30 June 2010 21:41 |
jvegaseg
Messages: 9 Registered: June 2010
|
Junior Member |
|
|
I will try to start from scratch but I have several VPS and it occurs the same in everyone.
If you think it is a configuration issue, what configurations should affect this issue?
I think there is a few "places" where configuration can affect.
Please, could you identify that "places" or configurations?
It could be only:
- It could be an IPTABLES configuration issue, but in this case, why dmesg is reporting nothing??
- It could be a syslog configuration issue, but in this case, why some applications are reporting well in /var/log/messages??
All of this has no much sense, it seems it could be simply a BUG. Syslog is disabled by default, so it could be not tested enough.
|
|
|