• This forum has a zero tolerance policy regarding spam. If you register here to publish advertising, your user account will be deleted without further questions.

keine Logs nach Neustart

fredchen1984

New Member
Hallo Community,

ich habe gestern unseren Server neu gemacht mit Debian 6 und Plesk 11 alles schön und gut, heute habe ich einen Neustart des Servers gemacht und es werden keine Logs mehr geschrieben (syslog, maillog etc selbst unter psa-ordnern nicht).

Wer kann mit bitte helfen?
Vielen Dank im Voraus.
 
Läuft dein eingesetzter Log-Daemon (status rsyslog), ist das Logverzeichnis beschreibbar (stat /var/log/) und ist da auch noch Platz (df -h && df -i)?
 
Hallo und Danke für deine Antwort.

Folgende Ausgaben:

status rsyslog
Code:
-bash: status: Kommando nicht gefunden.
Habe über google geschaut ob ich das was hilfreiches finden kann.

stat /var/log/
Code:
root@k083:~# stat /var/log/
  File: â/var/log/â
  Size: 4096            Blocks: 8          IO Block: 4096   Verzeichnis
Device: 900h/2304d      Inode: 27787400    Links: 16
Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2012-12-18 12:19:53.946284568 +0000
Modify: 2012-12-18 07:29:48.410287360 +0000
Change: 2012-12-18 07:29:48.410287360 +0000

df -h && df -i
Code:
root@k083:~# df -h && df -i
Dateisystem           Size  Used Avail Use% Eingehängt auf
/dev/md0              455G   14G  419G   4% /
tmpfs                 2,0G     0  2,0G   0% /lib/init/rw
udev                  2,0G  116K  2,0G   1% /dev
tmpfs                 2,0G     0  2,0G   0% /dev/shm
Dateisystem           Inodes   IUsed   IFree IUse% Eingehängt auf
/dev/md0             30269440  368252 29901188    2% /
tmpfs                 503546       6  503540    1% /lib/init/rw
udev                  502290     550  501740    1% /dev
tmpfs                 503546       1  503545    1% /dev/shm

Ich bekomme seitdem solche Mails: Cron <root@k083> test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) (failed)

Inhalt der Mail:
Code:
/etc/cron.daily/logrotate:
Reopen NGINX log files: .
syntax error in /etc/syslog-ng/syslog-ng.conf at line 99.

syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng
invoke-rc.d: initscript syslog-ng, action "reload" failed.
error: error running non-shared postrotate script for /var/log/syslog of '/var/log/syslog '
run-parts: /etc/cron.daily/logrotate exited with return code 1

Wenn ich in der Konsole dies Ausführe: "/etc/init.d/syslog-ng start"
Kommt die Meldung:
Code:
Starting system logging: syslog-ngsyntax error in /etc/syslog-ng/syslog-ng.conf at line 99.

syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng
 failed!

Zeile 99 steht dies:
Code:
not facility(auth,authpriv,cron,daemon,mail,news); };
 
Last edited by a moderator:
Na klar doch

Der Teil:
Code:
filter f_messages { not (facility(news) or filter(f_iptables)) or filter(f_mailwarn); };
                    not facility(auth,authpriv,cron,daemon,mail,news); };

Dies komplette:
Code:
@version: 3.1
#
# Syslog-ng configuration file, compatible with default Debian syslogd
# installation. Originally written by anonymous (I can't find his name)
# Revised, and rewrited by me (SZALAY Attila <sasa@debian.org>)

# First, set some global options.
options { long_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
	  owner("root"); group("adm"); perm(0640); stats_freq(0);
	  bad_hostname("^gconfd$");
};

########################
# Sources
########################
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
source s_src { unix-dgram("/dev/log"); internal();
       	     file("/proc/kmsg" program_override("kernel"));
};

# If you wish to get logs from remote machine you should uncomment
# this and comment the above source line.
#
#source s_net { tcp(ip(127.0.0.1) port(1000) authentication(required) encrypt(allow)); };

########################
# Destinations
########################
# First some standard logfile
#
destination d_auth { file("/var/log/auth.log"); };
destination d_cron { file("/var/log/cron.log"); };
destination d_daemon { file("/var/log/daemon.log"); };
destination d_kern { file("/var/log/kern.log"); };
destination d_lpr { file("/var/log/lpr.log"); };
destination d_mail { file("/var/log/mail.log"); };
destination d_syslog { file("/var/log/syslog"); };
destination d_user { file("/var/log/user.log"); };
destination d_uucp { file("/var/log/uucp.log"); };

# This files are the log come from the mail subsystem.
#
destination d_mailinfo { file("/var/log/mail/mail.info"); };
destination d_mailwarn { file("/var/log/mail/mail.warn"); };
destination d_mailerr { file("/var/log/mail/mail.err"); };

# Logging for INN news system
#
destination d_newscrit { file("/var/log/news/news.crit"); };
destination d_newserr { file("/var/log/news/news.err"); };
destination d_newsnotice { file("/var/log/news/news.notice"); };

# Some `catch-all' logfiles.
#
destination d_debug { file("/var/log/debug"); };
destination d_error { file("/var/log/error"); };
destination d_messages { file("/var/log/messages"); };

# The root's console.
#
destination d_console { usertty("root"); };

# Virtual console.
#
destination d_console_all { file("/dev/tty10"); };

# The named pipe /dev/xconsole is for the nsole' utility.  To use it,
# you must invoke nsole' with the -file' option:
#
#    $ xconsole -file /dev/xconsole [...]
#
destination d_xconsole { pipe("/dev/xconsole"); };

# Send the messages to an other host
#
#destination d_net { tcp("127.0.0.1" port(1000) authentication(on) encrypt(on) log_fifo_size(1000)); };

# Debian only
destination d_ppp { file("/var/log/ppp.log"); };

########################
# Filters
########################
# Here's come the filter options. With this rules, we can set which 
# message go where.

filter f_dbg { level(debug); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_err { level(err); };
filter f_crit { level(crit .. emerg); };

filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };
filter f_error { level(err .. emerg) ; };
filter f_messages { not (facility(news) or filter(f_iptables)) or filter(f_mailwarn); };
                    not facility(auth,authpriv,cron,daemon,mail,news); };

filter f_auth { facility(auth, authpriv) and not filter(f_debug); };
filter f_cron { facility(cron) and not filter(f_debug); };
filter f_daemon { facility(daemon) and not filter(f_debug); };
filter f_kern { facility(kern) and not filter(f_debug); };
filter f_lpr { facility(lpr) and not filter(f_debug); };
filter f_local { facility(local0, local1, local3, local4, local5,
                        local6, local7) and not filter(f_debug); };
filter f_mail { facility(mail) and not filter(f_debug); };
filter f_news { facility(news) and not filter(f_debug); };
filter f_syslog3 { not facility(auth, authpriv, mail) and not filter(f_debug); };
filter f_user { facility(user) and not filter(f_debug); };
filter f_uucp { facility(uucp) and not filter(f_debug); };

filter f_cnews { level(notice, err, crit) and facility(news); };
filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };

filter f_ppp { facility(local2) and not filter(f_debug); };
filter f_console { level(warn .. emerg); };

########################
# Log paths
########################
log { source(s_src); filter(f_auth); destination(d_auth); };
log { source(s_src); filter(f_cron); destination(d_cron); };
log { source(s_src); filter(f_daemon); destination(d_daemon); };
log { source(s_src); filter(f_kern); destination(d_kern); };
log { source(s_src); filter(f_lpr); destination(d_lpr); };
log { source(s_src); filter(f_syslog3); destination(d_syslog); };
log { source(s_src); filter(f_user); destination(d_user); };
log { source(s_src); filter(f_uucp); destination(d_uucp); };

log { source(s_src); filter(f_mail); destination(d_mail); };
#log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); };
#log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); };
#log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); };

log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); };
log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); };
log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); };
#log { source(s_src); filter(f_cnews); destination(d_console_all); };
#log { source(s_src); filter(f_cother); destination(d_console_all); };

#log { source(s_src); filter(f_ppp); destination(d_ppp); };

log { source(s_src); filter(f_debug); destination(d_debug); };
log { source(s_src); filter(f_error); destination(d_error); };
log { source(s_src); filter(f_messages); destination(d_messages); };

log { source(s_src); filter(f_console); destination(d_console_all);
				    destination(d_xconsole); };
log { source(s_src); filter(f_crit); destination(d_console); };

# All messages send to a remote site
#
#log { source(s_src); destination(d_net); };
 
filter f_messages { not (facility(news) or filter(f_iptables)) or filter(f_mailwarn); };
not facility(auth,authpriv,cron,daemon,mail,news); };
Ersetzen durch
filter f_messages { not (facility(news) or filter(f_iptables)) or filter(f_mailwarn);
not facility(auth,authpriv,cron,daemon,mail,news); };
und syslog starten.
 
Danke für die Antwort habe ich gemacht aber leider kommt immer noch der Fehler:

Code:
root@k083:~# /etc/init.d/syslog-ng start
Starting system logging: syslog-ngsyntax error in /etc/syslog-ng/syslog-ng.conf at line 99.

syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng
 failed!
 
Ok,

kannte nun nicht direkt den Syntax, aber etwas googlen hilft immer
filter f_messages { not (facility(news) or filter(f_iptables)) or filter(f_mailwarn) and not facility(auth,authpriv,cron,daemon,mail,news); };
 
Super! Es geht wieder, Danke dir ;) TOP

Muss ich noch wieder befürchtungen haben wenn ich ein Update oder Neustart mache das wieder nicht geht?
 
Back
Top