linux - 某工的centos7 启动了rsyslog之后，日志/var/log/messages等都不产生日志了，都是空的。求大神解决！

Question

之前一直有日志生成的，正常运行，自从前几天搞了下好像重启了下rsyslog ，最后一次轮替日志之后，/var/log/message, /var/log/secure等都不记录了，并且都是空文件。

求高手帮忙看看，我想知道怎么解决，也想知道这是什么原因。感激不尽。

配置文件/etc/rsyslog.conf

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

/var/log/secure等都是空的，除了*-20161211是保留到截止9号的日志

/var/log/secure等都是空的

rsyslog也是重启过的

也就是从8号就开始不正常记录日志了，这个是fail2ban-20161211那个日志最后几行截图

Answer 1

I refreshed this page while looking for bugs, and I couldn’t wait for God’s rescue. This @StormerZ also answered irrelevant questions, occupied the page, and gave bad reviews and criticized by name!
So far, I finally found a solution. Life is always like this. Sometimes you still have to ask and answer your own questions.
First I reboot restarted the server, but it didn’t work. reboot重启服务器，没用。
然后我在修改了syslog配置文件,在/ect/logroate.d/syslog, 重启systemctl restart rsyslog
依然没用。

/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    missingok
    sharedscripts
    postrotate
    /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

后来干脆把/var/log/messages手动删掉重新运行rsyslog, 结果可预测，还是没用。
至此，依然不知道问题出在哪里。
好吧，真烦。
很想出去奔跑。

最后决定重装下rsyslog,于是
yum reinstall rsyslog
重启了rsyslog，结果还是没用。
这是为啥子为啥子，看来是配置文件有问题咯！
好吧，那来找一下配置文件/etc/rsyslog.conf,网站找了下其他人的配置，改成如下：

#$ModLoad imjournal # provides access to the systemd journal
#Enable by uncommenting
$ModLoad imklog # reads kernel messages (the same are read from journald)

#Comment out
#$OmitLocalLogging on

#Comment out
#$IMJournalStateFile imjournal.state

重启rsyslog

$ systemctl stop rsyslog.service
$ systemctl start rsyslog.service

$ tail -f /var/log/secure
终于可以啦~ 有记录啦。

于是为了验证确实是这个问题，我再/etc/rsyslog.confThen I modified the syslog configuration file, in /ect/logroate.d/syslog, and restarted systemctl restart rsyslog
It still didn’t work.

rrreee

Later, I simply deleted /var/log/messages manually and re-ran rsyslog. The results were predictable, but still useless.
At this point, I still don’t know where the problem lies.
Okay, that’s annoying.
I really want to go out and run.

🎜Finally decided to reinstall rsyslog, so 🎜yum reinstall rsyslog🎜restarted rsyslog, but it still didn’t work. 🎜Why is this? It seems there is something wrong with the configuration file! 🎜Okay, let’s find the configuration file /etc/rsyslog.conf. The website found other people’s configurations and changed it to the following: 🎜 rrreee 🎜Restart rsyslog🎜 rrreee 🎜$ tail -f /var/log/secure 🎜Finally it works~ There is a record. 🎜 🎜So in order to verify that this is indeed the problem, I changed /etc/rsyslog.conf back to its original state and restarted rsyslog.🎜It still worked. 🎜 🎜This is strange to me. 🎜However, the problem is solved. 🎜Can someone tell me why this is? Comment in reply. 🎜I have closed the question first, since no one has read it anyway. I hope someone who knows the reason will reply to me later. Thank you in advance! 🎜

Answer 2

redhat 7 centos7 uses system-journal instead of the original syslog, and rsyslog is responsible for writing message and other log files. Closing or modifying rsyslog may cause log files to not be written normally. Reinstall rsyslog. After uninstalling, remember to delete the rsyslog configuration file. This should solve the problem

Answer 3

I just installed CENTOS 7.2 today, and VSFTPD is not configured yet. . The service cannot be started~ I am so worried about the unknown pitfalls of 7.2. .