/var/log/message problem

Rick Stevens rstevens at vitalstream.com
Mon Dec 6 17:54:07 UTC 2004 

daisy wrote:
> Hello everyone.
>  
> I would appreciate help with my /var/log/message file.  It is no longer 
> logging anything.
>  
> Background of the problem: Previously the message logs worked without 
> problem. When the log file grew to a certain size it would create an 
> archive /log/var/message.1 file and create a brand new and empty 
> /log/var/message file.  For some reason, however, one day the log file 
> archives were no longer being created and the message file just grew and 
> grew.  When my RedHat Linux system began to slow and lag, I thought that 
> the /var/log/message file, which by then was very large, was the 
> problem.  I decided to do a temporary fix until I could get expert 
> advice on how to get the system to create archives and new message files 
> automatically.

The logs rotate on a scheduled basis as determined by
/etc/logrotate.conf -- not when they reach a certain size.  Note,
however, that neither the kernel logger nor syslogd are built with LFS
(large file support), so neither program can "talk" to a file bigger
than 2GB.

> What I tried:  I manually copied the /var/log/message file and renamed 
> it /var/log/message.1.
> I also manually created a /var/log/message file.  This did not work.  No 
> messages were logged at all.  I then renamed one of the older archive 
> files that were still of managable size as /var/log/message.  Still no 
> luck. 

A manual rotate is done via:

	cp file file.1
	cat /dev/null >file

or

	mv file file.1
	touch file

Or you can force logrotate to do it whenever you wish:

	logrotate -f /etc/logrotate.conf

>  
> Advice I am hoping for:  
> 1.  How to fix my /var/log/message file so that it will log necessary 
> warnings. Why did creating a blank /var/log/message file cause the sytem 
> to not log anything? Is the file a special binary file?

syslogd only creates log files when it starts up.  If it ever tries to
log to a non-existant file, it will cease logging for that file
entirely.  Simply make sure the target file exists, then (as root) run:

	killall -HUP syslogd

or

	/etc/rc.d/init.d/syslog restart

to force syslogd to look at the file again.

> 2.  Why did the system stop updating and archiving the /var/log/message 
> file in the first place.

If the file went over the 2GB limit, syslogd can't write to it anymore.
The fix is to make sure the file doesn't go above 2GB or to recompile
syslogd with LFS (large file support).

> Thanks for any advice in advance.  As you can probably tell, I am still 
> at beginner level. I hope I explained the situation well enough.

You explained it quite well.  Welcome to the wonderful world of Linux!
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
- Real Time, adj.: Here and now, as opposed to fake time, which only -
-                        occurs there and then                       -
----------------------------------------------------------------------

More information about the Redhat-install-list mailing list