Hi,
I am new to this OS.
I have a fresh installation of Linux Lite v2.0. The logging function in /var/log/syslog is not working--in fact, most of the logs show 0 bytes, despite me getting acquainted with the OS all day long.
I use iptables and depend on syslog to monitor network activity. Is there some configuration I must apply to enable logging?
Also, my iptables configuration is not being restored at boot-up from /etc/iptables.rules. I am following the same steps that always work on Ubuntu--placing the restore command as a pre-up instruction in /etc/network/interfaces. It would be nice if I didn't have to retype the iptables rules after each login! Does anyone know where I should put this command?
Thanks in advance.
Did you originally save the iptables rules? Re. /var/log/syslog, delete the one that is there and recreate one as root.
Hi Valtram,
I re-wrote the iptables commands and they are being restored now. Probably an omission on my part.
As for the syslog issue, I think this may be a deeper problem. For instance, there are zero bytes in daemon.log, kern.log, messages, syslog, and user.log. (Mail.*, and lpr.log are also empty, but due to not being in use.) Additionally, there are no syslog daemon (syslogd) or syslog configuration (syslog.conf) files. For these reasons, I do not think deleting and recreating a file named 'syslog' will work.
It appears the logging function has been omitted; but there IS a syslog man-page, so perhaps not? I know there are several mechanisms by which logging can be accomplished. So I am trying to clarify: Is syslog not working due to these missing files, or is some other method of logging in use that needs to be activated somehow?
Perhaps you could check your Linux Lite and see if your situation is the same as mine? I am using version 2.0 beta--perhaps this is the cause? I've noticed that 'live CD' versions often omit logging; perhaps it was accidentally left out in the installable version--or maybe those files didn't unpack and install as expected...
I REALLY like what I see in Linux Lite, and would like to continue using it. But not having syslog is simply a deal-breaker for me. So, I appreciate your help very much!
Just an update on a bit of scrounging around I've done...
Some of you probably already know (but I am no techie so it's news to me) that rsyslog is the program that controls all the logging functions I have complained are not working. I read every readable file relating to rsyslog that 'find / -name "*rsyslog*"' turned up. The only suspicious thing I found was in /etc/rsyslog.conf---the instruction to
start on filesystem
stop on runlevel [06]
so I changed the first line to "start on runlevel [2345]" to match the second line's format.
Mostly because there were a number of rsyslog-related files missing (according to the documentation I read), I removed rsyslog and reinstalled it--as well as ubuntu-minimal, which was tied to rsyslog. The re-install restored the missing files but, of course, did not replace the rsyslog.conf file. (I was leery about *purging* ubuntu-minimal, so chose to just remove and then reinstall them.) As a result of being cautious, I may have failed to remove the cause of this problem.
I also discovered that I can use 'logger' to send a message to syslog---which, unfortunately, did not show up in syslog, despite using the priority switch to specifically send it to "-p syslog.info".
In all, I am no closer to a resolution, but I hopefully have provided some reader with enough information to recognize the issue and suggest a next step. Meanwhile, I'll try burning the Linux Lite .iso to a DVD disk; the tight squeeze onto a CD made the Linux Lite installation run a LOT slower--and my DVD drive work a lot harder--than I expected for an OS of this size. Maybe (fingers crossed!) rsyslog got lost in the shuffle. I'll reinstall the OS from a DVD, see if that makes any difference, and report back.
Back again after re-burning LL onto DVD media. Sad to say, no change.
Fearlessly, I purged rsyslog + ubuntu-minimal. The 'find' command used earlier now shows only
/var/log/upstart/rsyslog.log
/etc/rsyslog.d
/run/rsyslogd.pid
I suppose I should reboot, but am not sure whether that is even possible, with ubuntu-minimal gone...
My request to "sudo apt-get install rsyslog" was met with the following reply:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package rsyslog is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package 'rsyslog' has no installation candidate
Thinking I may need to reinstall ubuntu-minimal first, I tried that...However:
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package ubuntu-minimal
Then, when I tried Synaptic, I realized I had not updated the package lists. Once that was done, I tried installing rsyslog. Interestingly, that was possible to do WITHOUT bringing ubuntu-minimal along with it.
Also interesting is this notice shown at the end of the installation:
Creating config file /etc/rsyslog.d/50-default.conf with new version
The user `syslog' is already a member of `adm'.
Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
rsyslog start/running, process 3252
Processing triggers for ureadahead (0.100.0-16) ...
Okay: /etc/apparmor.d/disable/usr.sbin.rsyslogd is a file containing configurations telling which rsyslog files will be read and followed, or skipped. If this 'profile' is being ignored, THAT could be the reason that the instructions in the file aren't being followed. But that is where the trail grows cold for me: I don't know where the instruction to ignore the profile is coming from.
I've taken this as far as I can. If anyone knows where I should go from here, I'd love to hear your ideas. If any of you like playing detective, get a copy of the 2.0-beta version and see if you can track this down. Or maybe one of LL's programmers already knows what to do?
In the meantime, I'll have to go back to my old OS. I really hope the inability to record system activities and warnings is soon resolved, though, because LL is exactly what I've been looking for, trying out one distro after another for the past year! Finding such a beautifully-designed OS without an ounce of bloat seemed like a miracle: I found LL on the same day that I gave up trying to create my own version of "lightweight and beautiful" from Ubuntu 14.04 Core. Naturally, I'm disappointed over having to set LL aside. I hope it won't be for long!
Thanks for referring me to that post. I ran the configuration test indicated in the post to which you referred above. Here are the results:
rsyslogd: version 7.4.4, config validation run (level 1), master config /etc/rsyslog.d/50-default.conf
rsyslogd: End of config validation run. Bye.
I assume the lack of commentary in the report means no errors exist in the rsyslog configuration. Or, it could mean it didn't actually run, since I later discovered I needed to stop rsyslog first--which I didn't do...
The file /etc/rsyslog.conf claims I can find more information at /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html, but there is no such location. However, I did find something at /usr/share/doc/rsyslog/README.Debian; according to that file, setting RSYSLOGD_OPTIONS="" in /etc/default/rsyslog to RSYSLOGD_OPTIONS="-c0" will make rsyslog command-line compatible with sysklogd, and automatically load a default set of modules. However, the file points out that the "default in Debian is -c3, i.e. command line arguments like -r or -m 0 have no effect and instead have to be configured via special configuration directives in rsyslog.conf." Because RSYSLOGD_OPTIONS in /etc/default/rsyslog was an empty string, I changed it to the Debian default, "-c3".
Upon reboot, syslog was not working. I changed the setting to "-c0" and rebooted again, but syslog still did not run.
Long story short, I spent several more hours delving yet further into the maze of rsyslog manpages, trying to figure out how to modify the config file so rsyslog would work. Then, it suddenly occurred to me that I was W-A-Y too far into trying to fix something that should just work and that the typical user should not even have to concern himself with. I decided it was time to simply abandon the idea of using Linux Lite. As I closed the numerous terminals and two browsers I'd been using, I suddenly had the urge to look at dmesg to see whether rsyslog even received the instruction to start up; and if so, whether it also had received the instruction to halt, for some reason. Lo and behold, all of the content normally displayed in syslog is showing up in dmesg.
I can't tell if changing the RSYSLOGD_OPTIONS caused this, or it is the way the developers set rsyslog up--if so, I expect you'd have told me. And I could return the setting to the empty string to find out, but I'm frankly tired of the entire pursuit.
I do, at least, have a log to look at now, which is documenting my iptables output nicely. So, despite that syslog is still not working as expected, I'm done messing around with this issue, and just wanted to report the outcome for the benefit of others.
Thanks for your assistance.
I had the exact same problem.
After digging around, the problem was surprisingly simple:
All the affected log files in /var/log were owned by root.
Simply changing them to syslog.adm fixed the issue. I went through the settings file /etc/rsyslog.d/50-default.conf and modified the ownership of each file listed.
There!
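
The ownership check from the last post, as an added example that is not part of the thread: it reads the log file paths out of an rsyslog rules file such as /etc/rsyslog.d/50-default.conf and reports any that are missing or not owned by syslog:adm. It assumes GNU stat; the function names and the sample rules file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (stat -c).

# Print every absolute file path used as an action in an rsyslog rules file.
# Comment lines, pipes (|...) and module actions (:omusrmsg:*) are skipped;
# the leading "-" (no sync after each write) is stripped.
rsyslog_targets() {
    awk 'NF && $1 !~ /^#/ {
             t = $NF; sub(/^-/, "", t)
             if (t ~ /^\//) print t
         }' "$1" | sort -u
}

# Report each target that is missing or whose owner:group is not $2.
# Returns 0 when every target exists with the wanted ownership.
check_log_owners() {
    want=$2
    out=$(rsyslog_targets "$1" | while IFS= read -r f; do
        [ -e "$f" ] || { echo "MISSING  $f"; continue; }
        have=$(stat -c '%U:%G' "$f")
        [ "$have" = "$want" ] || echo "MISMATCH $f is $have, want $want"
    done)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample in a temp dir, laid out like 50-default.conf.
make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/50-default.conf" <<EOF
auth,authpriv.*                 $d/auth.log
*.*;auth,authpriv.none          -$d/syslog
#cron.*                         $d/cron.log
kern.*                          -$d/kern.log
*.emerg                         :omusrmsg:*
daemon.*;mail.*;\\
        news.err                |/dev/xconsole
EOF
    : > "$d/auth.log"; : > "$d/syslog"     # kern.log left missing on purpose
    echo "$d"
}

sample=$(make_sample)
check_log_owners "$sample/50-default.conf" syslog:adm ||
    echo "repair with: chown syslog:adm <file>, then restart rsyslog"
rm -rf "$sample"
```

On an installed system, call `check_log_owners /etc/rsyslog.d/50-default.conf syslog:adm` in place of the sample run.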