Re: System logs are being logged to wrong files

Hi,

NOTE: Kindly CC me when replying, I am not subscribed.

I picked up the reply from the list archive.

On Sat, 31 Oct 2009 02:15:19 +0200 Jari Fredriksson wrote:
30.10.2009 22:56, P K kirjoitti:
Hi,

Kindly CC me when replying, I am not subscribed. Thanks. Now:

I am using Debian/Sid (sidux actually) on a i686 machine. Over the
past few months, I have seen various logs being logged to the wrong
files, ie, they are being logged to the xyzlog.1 file instead of the
xyzlog files. For example, consider the datestamps & sizes of the
following files (obtained using [1], output edited):

Modification Change Size Filename
2009-10-30 14:59:14 2009-10-30 14:59:14 0 auth.log
2009-10-30 16:43:18 2009-10-30 16:43:18 4901 auth.log.1

As you can see from the size and timestamps:
1. logs for auth, daemon, kern, syslog are sent to the wrong file (*.1)
2. logs for dpkg, kdm, mail, user seems to be OK.
Does anyone know what may be causing such a behavior? I can provide
further information, as needed.

This is just a wild guess, but it seems that your logger is keeping the
files open, and it was not restarted when the logrotate named the logs
again. Seems that the logger had auth.log open, and Linux just keeps
writing to that file (INODE) no matter if the name was changed.


Thanks for the reply.
So, I assume this is not a common problem. Any ways to fix / or
further investigate this?

Thanks,
--
Regards
PK
--------------------------------------
http://counter.li.org #402424


--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx

Relevant Pages

  • Re: Help about understating the Intrusion Detection systems
    ... > Thanks to all of you for replying, I see that you guys are not big ... > fans of any IDS's, but at least running one on my network wouldn't do ... Well this is based on your logs so I know the others won't approve of it as ... It has a nice pre-made rule set to get you started and will email and CC ...
    (comp.security.misc)
  • Re: Help about understating the Intrusion Detection systems
    ... > Thanks to all of you for replying, I see that you guys are not big ... > fans of any IDS's, but at least running one on my network wouldn't do ... Well this is based on your logs so I know the others won't approve of it as ... It has a nice pre-made rule set to get you started and will email and CC ...
    (comp.security.firewalls)
  • Re: IE Homepage
    ... I haven't browsed the boards in a while so sorry for replying so late. ... Keep in mind that this will ... be applied to _anyone_ that logs into the machine. ... can be done under Internet Explorer Maintenance but that does not help ...
    (microsoft.public.windows.group_policy)
  • Re: Repeatable, non-permanent Classic start-up noise
    ... Ted Lee wrote: ... >> I tried an experiement. ... (sorry about replying to myself!) ... I took a look at all the logs right after I recreated the problem. ...
    (comp.sys.mac.system)
  • Re: OLC participation
    ... An update on the OLC Red Marks. ... problems is Volkslogger users downloading their logs in test mode. ... this by running the IGC validation program from your logger ... Do not erase the logger memory until you verifiy ...
    (rec.aviation.soaring)