Results 1 to 10 of 23

Thread: Log files not working

Hybrid View

  1. #1
    Join Date
    Oct 2011
    Beans
    47

    Log files not working

    I have Ubuntu server 11.10 installed and it has been running great for 10 8 months or so.
    at one point i kept getting ssh attacks to i put a firewall on the system and then would periodically check the auth.log file to see how many attacks i was getting.

    however this week i noticed that the auth.log file have not changed for 3 weeks.
    and NONE of my ssh login atempts good or bad have been logged.

    this was working fine up untill 3 weeks ago.

    I looked around online and could not find much.
    one person suggested it might be logrotate
    so i ran

    Code:
    sudo logrotate --force --verbose /etc/logrotate.conf
    Im wondering if the logging not working has anything to do with the first couple lines saying Ignoring syslog-ng.disabled, because of .disabled ending




    the out put was :


    Code:
    reading config file /etc/logrotate.conf
    including /etc/logrotate.d
    Ignoring syslog-ng.disabled, because of .disabled ending
    Ignoring rsyslog.disabled, because of .disabled ending
    reading config file apport
    reading config info for /var/log/apport.log
    reading config file apt
    reading config info for /var/log/apt/term.log
    reading config info for /var/log/apt/history.log
    reading config file aptitude
    reading config info for /var/log/aptitude
    reading config file atop
    reading config info for /var/log/atop.log
    reading config file dpkg
    reading config info for /var/log/dpkg.log
    reading config info for /var/log/alternatives.log
    reading config file ppp
    reading config info for /var/log/ppp-connect-errors
    reading config file proftpd-basic
    reading config info for /var/log/proftpd/proftpd.log
    /var/log/proftpd/controls.log
    
    reading config info for /var/log/proftpd/xferlog
    /var/log/proftpd/xferreport
    
    reading config file psaccs_atop
    reading config info for /var/log/atop/dummy_before
    reading config file psaccu_atop
    reading config info for /var/log/atop/dummy_after
    reading config file samba
    reading config info for /var/log/samba/log.smbd
    reading config info for /var/log/samba/log.nmbd
    reading config file ufw
    reading config info for /var/log/ufw.log
    
    reading config file unattended-upgrades
    reading config info for /var/log/unattended-upgrades/unattended-upgrades.log
    reading config file winbind
    reading config info for /var/log/samba/log.winbindd
    reading config info for /var/log/wtmp
    reading config info for /var/log/btmp
    
    Handling 19 logs
    
    rotating pattern: /var/log/apport.log  forced from command line (7 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/apport.log
      log /var/log/apport.log does not exist -- skipping
    
    rotating pattern: /var/log/apt/term.log  forced from command line (12 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/apt/term.log
      log does not need rotating
    
    rotating pattern: /var/log/apt/history.log  forced from command line (12 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/apt/history.log
      log does not need rotating
    
    rotating pattern: /var/log/aptitude  forced from command line (6 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/aptitude
      log /var/log/aptitude does not exist -- skipping
    
    rotating pattern: /var/log/atop.log  forced from command line (14 rotations)
    empty log files are rotated, old logs are removed
    considering log /var/log/atop.log
      log needs rotating
    rotating log /var/log/atop.log, log->rotateCount is 14
    dateext suffix '-20120813'
    glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    renaming /var/log/atop.log.14 to /var/log/atop.log.15 (rotatecount 14, logstart 1, i 14),
    renaming /var/log/atop.log.13 to /var/log/atop.log.14 (rotatecount 14, logstart 1, i 13),
    renaming /var/log/atop.log.12 to /var/log/atop.log.13 (rotatecount 14, logstart 1, i 12),
    renaming /var/log/atop.log.11 to /var/log/atop.log.12 (rotatecount 14, logstart 1, i 11),
    renaming /var/log/atop.log.10 to /var/log/atop.log.11 (rotatecount 14, logstart 1, i 10),
    renaming /var/log/atop.log.9 to /var/log/atop.log.10 (rotatecount 14, logstart 1, i 9),
    renaming /var/log/atop.log.8 to /var/log/atop.log.9 (rotatecount 14, logstart 1, i 8),
    renaming /var/log/atop.log.7 to /var/log/atop.log.8 (rotatecount 14, logstart 1, i 7),
    renaming /var/log/atop.log.6 to /var/log/atop.log.7 (rotatecount 14, logstart 1, i 6),
    renaming /var/log/atop.log.5 to /var/log/atop.log.6 (rotatecount 14, logstart 1, i 5),
    renaming /var/log/atop.log.4 to /var/log/atop.log.5 (rotatecount 14, logstart 1, i 4),
    renaming /var/log/atop.log.3 to /var/log/atop.log.4 (rotatecount 14, logstart 1, i 3),
    renaming /var/log/atop.log.2 to /var/log/atop.log.3 (rotatecount 14, logstart 1, i 2),
    renaming /var/log/atop.log.1 to /var/log/atop.log.2 (rotatecount 14, logstart 1, i 1),
    renaming /var/log/atop.log.0 to /var/log/atop.log.1 (rotatecount 14, logstart 1, i 0),
    old log /var/log/atop.log.0 does not exist
    running prerotate script
    renaming /var/log/atop.log to /var/log/atop.log.1
    running postrotate script
    removing old log /var/log/atop.log.15
    
    rotating pattern: /var/log/dpkg.log  forced from command line (12 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/dpkg.log
      log does not need rotating
    
    rotating pattern: /var/log/alternatives.log  forced from command line (12 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/alternatives.log
      log does not need rotating
    
    rotating pattern: /var/log/ppp-connect-errors  forced from command line (4 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/ppp-connect-errors
      log /var/log/ppp-connect-errors does not exist -- skipping
    
    rotating pattern: /var/log/proftpd/proftpd.log
    /var/log/proftpd/controls.log
     forced from command line (7 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/proftpd/proftpd.log
      log needs rotating
    considering log /var/log/proftpd/controls.log
      log does not need rotating
    rotating log /var/log/proftpd/proftpd.log, log->rotateCount is 7
    dateext suffix '-20120813'
    glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    compressing log with: /bin/gzip
    renaming /var/log/proftpd/proftpd.log.7.gz to /var/log/proftpd/proftpd.log.8.gz (rotatecount 7, logstart 1, i 7),
    renaming /var/log/proftpd/proftpd.log.6.gz to /var/log/proftpd/proftpd.log.7.gz (rotatecount 7, logstart 1, i 6),
    renaming /var/log/proftpd/proftpd.log.5.gz to /var/log/proftpd/proftpd.log.6.gz (rotatecount 7, logstart 1, i 5),
    renaming /var/log/proftpd/proftpd.log.4.gz to /var/log/proftpd/proftpd.log.5.gz (rotatecount 7, logstart 1, i 4),
    renaming /var/log/proftpd/proftpd.log.3.gz to /var/log/proftpd/proftpd.log.4.gz (rotatecount 7, logstart 1, i 3),
    renaming /var/log/proftpd/proftpd.log.2.gz to /var/log/proftpd/proftpd.log.3.gz (rotatecount 7, logstart 1, i 2),
    renaming /var/log/proftpd/proftpd.log.1.gz to /var/log/proftpd/proftpd.log.2.gz (rotatecount 7, logstart 1, i 1),
    renaming /var/log/proftpd/proftpd.log.0.gz to /var/log/proftpd/proftpd.log.1.gz (rotatecount 7, logstart 1, i 0),
    old log /var/log/proftpd/proftpd.log.0.gz does not exist
    renaming /var/log/proftpd/proftpd.log to /var/log/proftpd/proftpd.log.1
    creating new /var/log/proftpd/proftpd.log mode = 0640 uid = 0 gid = 4
    running postrotate script
    removing old log /var/log/proftpd/proftpd.log.8.gz
    
    rotating pattern: /var/log/proftpd/xferlog
    /var/log/proftpd/xferreport
     forced from command line (7 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/proftpd/xferlog
      log does not need rotating
    considering log /var/log/proftpd/xferreport
      log does not need rotating
    not running prerotate script, since no logs will be rotated
    not running postrotate script, since no logs were rotated
    
    rotating pattern: /var/log/atop/dummy_before  forced from command line (1 rotations)
    empty log files are rotated, old logs are removed
    considering log /var/log/atop/dummy_before
      log /var/log/atop/dummy_before does not exist -- skipping
    not running postrotate script, since no logs were rotated
    
    rotating pattern: /var/log/atop/dummy_after  forced from command line (1 rotations)
    empty log files are rotated, old logs are removed
    considering log /var/log/atop/dummy_after
      log /var/log/atop/dummy_after does not exist -- skipping
    not running postrotate script, since no logs were rotated
    
    rotating pattern: /var/log/samba/log.smbd  forced from command line (7 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/samba/log.smbd
      log needs rotating
    rotating log /var/log/samba/log.smbd, log->rotateCount is 7
    dateext suffix '-20120813'
    glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    renaming /var/log/samba/log.smbd.7.gz to /var/log/samba/log.smbd.8.gz (rotatecount 7, logstart 1, i 7),
    renaming /var/log/samba/log.smbd.6.gz to /var/log/samba/log.smbd.7.gz (rotatecount 7, logstart 1, i 6),
    renaming /var/log/samba/log.smbd.5.gz to /var/log/samba/log.smbd.6.gz (rotatecount 7, logstart 1, i 5),
    renaming /var/log/samba/log.smbd.4.gz to /var/log/samba/log.smbd.5.gz (rotatecount 7, logstart 1, i 4),
    renaming /var/log/samba/log.smbd.3.gz to /var/log/samba/log.smbd.4.gz (rotatecount 7, logstart 1, i 3),
    renaming /var/log/samba/log.smbd.2.gz to /var/log/samba/log.smbd.3.gz (rotatecount 7, logstart 1, i 2),
    renaming /var/log/samba/log.smbd.1.gz to /var/log/samba/log.smbd.2.gz (rotatecount 7, logstart 1, i 1),
    renaming /var/log/samba/log.smbd.0.gz to /var/log/samba/log.smbd.1.gz (rotatecount 7, logstart 1, i 0),
    old log /var/log/samba/log.smbd.0.gz does not exist
    renaming /var/log/samba/log.smbd to /var/log/samba/log.smbd.1
    creating new /var/log/samba/log.smbd mode = 0644 uid = 0 gid = 0
    running postrotate script
    compressing log with: /bin/gzip
    removing old log /var/log/samba/log.smbd.8.gz
    
    rotating pattern: /var/log/samba/log.nmbd  forced from command line (7 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/samba/log.nmbd
      log does not need rotating
    not running postrotate script, since no logs were rotated
    
    rotating pattern: /var/log/ufw.log
     forced from command line (4 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/ufw.log
      log does not need rotating
    not running postrotate script, since no logs were rotated
    
    rotating pattern: /var/log/unattended-upgrades/unattended-upgrades.log  forced from command line (6 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/unattended-upgrades/unattended-upgrades.log
      log /var/log/unattended-upgrades/unattended-upgrades.log does not exist -- skipping
    
    rotating pattern: /var/log/samba/log.winbindd  forced from command line (7 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/samba/log.winbindd
      log does not need rotating
    not running postrotate script, since no logs were rotated
    
    rotating pattern: /var/log/wtmp  forced from command line (1 rotations)
    empty log files are rotated, old logs are removed
    considering log /var/log/wtmp
      log needs rotating
    rotating log /var/log/wtmp, log->rotateCount is 1
    dateext suffix '-20120813'
    glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    renaming /var/log/wtmp.1 to /var/log/wtmp.2 (rotatecount 1, logstart 1, i 1),
    renaming /var/log/wtmp.0 to /var/log/wtmp.1 (rotatecount 1, logstart 1, i 0),
    old log /var/log/wtmp.0 does not exist
    renaming /var/log/wtmp to /var/log/wtmp.1
    creating new /var/log/wtmp mode = 0664 uid = 0 gid = 43
    removing old log /var/log/wtmp.2
    
    rotating pattern: /var/log/btmp  forced from command line (1 rotations)
    empty log files are rotated, old logs are removed
    considering log /var/log/btmp
      log needs rotating
    rotating log /var/log/btmp, log->rotateCount is 1
    dateext suffix '-20120813'
    glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    renaming /var/log/btmp.1 to /var/log/btmp.2 (rotatecount 1, logstart 1, i 1),
    renaming /var/log/btmp.0 to /var/log/btmp.1 (rotatecount 1, logstart 1, i 0),
    old log /var/log/btmp.0 does not exist
    renaming /var/log/btmp to /var/log/btmp.1
    creating new /var/log/btmp mode = 0660 uid = 0 gid = 43
    removing old log /var/log/btmp.2
    UBserver@Vault:/etc/logrotate.d$

  2. #2
    Join Date
    Oct 2011
    Beans
    47

    Re: Log files not working

    I had recently installed syslog-ng on the system, but the uninstalled (apt-get remove syslog-ng) thinking that my default logging with continue, im not sure if this is what caused the issue.

  3. #3
    Join Date
    Nov 2006
    Location
    Belgium
    Beans
    3,002
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Log files not working

    Quote Originally Posted by Catalyph View Post
    ... thinking that my default logging would continue, ...
    that is very unlikely - I'd expect the syslog-ng package would have a "Conflict" with other similar loggers (sysklogd, rsyslog, ...) so when you install syslog-ng, the others get removed. So there's no fall-back when you uninstall syslog-ng.

    You probably need to reinstall a logging daemon. rsyslog works very well.

  4. #4
    Join Date
    Oct 2011
    Beans
    47

    Re: Log files not working

    is rsyslog the default for ubuntu 11.10 ?

  5. #5
    Join Date
    Nov 2006
    Location
    Belgium
    Beans
    3,002
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Log files not working

    Quote Originally Posted by Catalyph View Post
    is rsyslog the default for ubuntu 11.10 ?
    don't know. It's the default in 12.04 but it is relatively new (to Debian standards) so I'm not sure when it started appearing in Ubuntu.

    you could check the repo's eg
    Code:
      :~$ apt-cache search rsyslog
    
    ...
    
    rsyslog - enhanced multi-threaded syslogd
    rsyslog-doc - documentation for rsyslog
    rsyslog-gnutls - TLS protocol support for rsyslog
    rsyslog-gssapi - GSSAPI authentication and encryption support for rsyslog
    rsyslog-mysql - MySQL output plugin for rsyslog
    rsyslog-pgsql - PostgreSQL output plugin for rsyslog
    rsyslog-relp - RELP protocol support for rsyslog

  6. #6
    Join Date
    Nov 2006
    Location
    Belgium
    Beans
    3,002
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Log files not working

    scratch that

    I'm still on 10.04 and it has rsyslog, so
    yeah.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •