Hi,

On my Redhat 9 machine, I recently noticed that during bootup the
"Starting system loggin" says FAILED. I have looked at
/var/log/messages and I see that not messages older than about 3 days
are in the log. I cannot recall anything specific I did to cause the
logging to stop working.
I have not touched etc/syslog.conf. Can anyone suggest on how to
get this working again ?

Regards
Anton Erasmus

Anton Erasmus <junk@junk.net> wrote:
> Can anyone suggest on how to get this working again ?

Start syslogd manually and look for error messages.
Davide

On 24 Sep 2003 18:30:20 GMT, Davide Bianchi
<davideyeahsure@onlyforfun.net> wrote:

>Anton Erasmus <junk@junk.net> wrote:
>> Can anyone suggest on how to get this working again ?
>
>Start syslogd manually and look for error messages.
>Davide

It says syslogd already running.
At startup it still says FAIL as the result for "Starting Syslog".
Nothing is being added to /var/log/messages.
Anyway, at least together with man syslogd, I have some direction
in which to search for the problem and solution.

Thanks
Anton Erasmus

Anton Erasmus <junk@junk.net> wrote:
> It says syslogd already running.

If you use ps -ef | grep syslog do you see it working? What if you
try to kill it and then restart it?

Davide

On 25 Sep 2003 18:06:38 GMT, Davide Bianchi
<davideyeahsure@onlyforfun.net> wrote:

>Anton Erasmus <junk@junk.net> wrote:
>> It says syslogd already running.
>
>If you use ps -ef | grep syslog do you see it working? What if you
>try to kill it and then restart it?
>
>Davide

Logged in as root on tty2 I get:
3130 tty2 S 0:00 grep syslog HOSTNAME=duzi.antera.net
PVM_RSH=/usr/bin

If I do:
kill 3130
I get:
No such process

If I do:
kill -SIGHUP 'cat /var/run/syslogd.pid'
as suggested by the syslogd man file to
restart syslogd
I get:
cat /var/run/syslogd.pid: no such pid.
If I do:
cat /var/run/syslogd.pid
I get 2061
If I do:
kill -SIGHUP 2061
I get just the normal prompt.
If I then look in /var/log/messages I actually
get a line indicating that syslogd has been restarted.

Regards
Anton Erasmus

Anton Erasmus <junk@junk.net> wrote:
> cat /var/run/syslogd.pid
> I get 2061

And if you ps -ef | grep 2061 (or whatever PID is in the /var/run/syslog.pid)
what you see?

> get a line indicating that syslogd has been restarted.

So it looks like is started and running, but is not logging anything.
Maybe is a problem in the syslog.conf file. Have you checked it?

Davide

On 27 Sep 2003 18:25:35 GMT, Davide Bianchi
<davideyeahsure@onlyforfun.net> wrote:

>Anton Erasmus <junk@junk.net> wrote:
>> cat /var/run/syslogd.pid
>> I get 2061
>
>And if you ps -ef | grep 2061 (or whatever PID is in the /var/run/syslog.pid)
>what you see?
>
>> get a line indicating that syslogd has been restarted.
>
>So it looks like is started and running, but is not logging anything.
>Maybe is a problem in the syslog.conf file. Have you checked it?
>

Below is a transcript of what I get.

[anton@duzi anton]$ tail /var/log/messages
Sep 28 12:30:35 duzi syslogd 1.3-0: restart.
[root@duzi anton]# cat /var/run/syslogd.pid
2061
[root@duzi anton]# ps -ef | grep 2061
root 2061 1 0 19:32 ? 00:00:00 syslogd -m 0
root 3065 3032 0 20:34 pts/1 00:00:00 grep 2061
[root@duzi anton]# tail /var/log/messages
Sep 28 12:30:35 duzi syslogd 1.3-0: restart.
[root@duzi anton]# kill -SIGHUP 2061
[root@duzi anton]# tail /var/log/messages
Sep 28 12:30:35 duzi syslogd 1.3-0: restart.
Sep 30 20:34:46 duzi syslogd 1.3-0: restart.

I have not touched the syslog.conf file. It should be as originally
installed. I have another RH9 box, where the syslog works as
it should. I will copy it's syslog.conf file to the box that is giving
problems.

Regards
Anton Erasmus

Anton Erasmus <junk@junk.net> wrote:
> root 2061 1 0 19:32 ? 00:00:00 syslogd -m 0

It looks like it's working, the -m disable the insertion of a "mark"
message every x minutes, the default it's 20 minutes, setting it to
0 disable it.

> I have not touched the syslog.conf file. It should be as originally
> installed.

If you didn't changed it, maybe someone else did. I'd test for
rootkit on that machine.

Davide

On 30 Sep 2003 18:44:15 GMT, Davide Bianchi
<davideyeahsure@onlyforfun.net> wrote:

>Anton Erasmus <junk@junk.net> wrote:
>> root 2061 1 0 19:32 ? 00:00:00 syslogd -m 0
>
>It looks like it's working, the -m disable the insertion of a "mark"
>message every x minutes, the default it's 20 minutes, setting it to
>0 disable it.

The problem is that it is not logging anything. At startup the syslog
process startup is reported as FAILED. It works fine after
I do the kill -SIGHUP pid command. (Until the next reboot)
I switch this machine off every time after I have used it, hence
a working syslogd directly after startup would be nice.
Anything else failing normally writes to the log file. With the actual
logging not starting up, where does one look ?
the kernel log seems to start up correctly. Might the reason for
the syslogd failing at startup be logged here ?

>> I have not touched the syslog.conf file. It should be as originally
>> installed.
>
>If you didn't changed it, maybe someone else did. I'd test for
>rootkit on that machine.

I am the only person with access to this machine. I am as close to
100% sure as can be that no-one except myself have ever used
the machine. I had been playing with some source and binary rpm's
for various utilities. Can a install via rpm cause such problems ?

Regards
Anton Erasmus

>Davide

Anton Erasmus <junk@junk.net> wrote:
> The problem is that it is not logging anything. At startup the syslog
> process startup is reported as FAILED.

Check in /etc/rc.d/initd which script start syslogd and (eventually)
add there the SIGHUP command, I admit that isn't a really good
solution, but if it works...

> Might the reason for the syslogd failing at startup be logged here ?

COuld be, check.

> Can a install via rpm cause such problems ?

It shouldn't...

Davide