Debian (squeeze) 上的日志记录已损坏

Debian (squeeze) 上的日志记录已损坏

我刚刚注意到我的 Debian 机器上的日志系统坏了,系统日志是空的,并且没有任何内容添加到系统日志中。

我需要修复此问题,但从哪里开始呢?

什么原因造成这种情况?

syslog-ng 配置似乎很好,并且 syslog-ng 进程正在运行,磁盘未满并且文件夹正确。

/var/log > ps -ef | grep syslog
root      1463     1  0 Aug01 ?        00:00:00 /sbin/mdadm --monitor --pid-file /var/run/mdadm/monitor.pid --daemonise --scan --syslog
root     15495 15482  0 18:06 pts/7    00:00:00 tail -f syslog
root     15729     1  0 18:17 ?        00:00:00 supervising syslog-ng                        
root     15730 15729  0 18:17 ?        00:00:00 /usr/sbin/syslog-ng -p /var/run/syslog-ng.pid


cat /etc/syslog-ng/syslog-ng.conf
@version: 3.1
#
# Syslog-ng configuration file, compatible with default Debian syslogd
# installation. Originally written by anonymous (I can't find his name)
# Revised, and rewrited by me (SZALAY Attila <[email protected]>)

# First, set some global options.
options { long_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
      owner("root"); group("adm"); perm(0640); stats_freq(600);
      bad_hostname("^gconfd$");
};

########################
# Sources
########################
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
source s_src { unix-dgram("/dev/log"); internal();
             file("/proc/kmsg" program_override("kernel"));
};

# If you wish to get logs from remote machine you should uncomment
# this and comment the above source line.
#
#source s_net { tcp(ip(127.0.0.1) port(1000) authentication(required) encrypt(allow)); };

########################
# Destinations
########################
# First some standard logfile
#
destination d_auth { file("/var/log/auth.log"); };
destination d_cron { file("/var/log/cron.log"); };
destination d_daemon { file("/var/log/daemon.log"); };
destination d_kern { file("/var/log/kern.log"); };
destination d_lpr { file("/var/log/lpr.log"); };
destination d_mail { file("/var/log/mail.log"); };
destination d_syslog { file("/var/log/syslog"); };
destination d_user { file("/var/log/user.log"); };
destination d_uucp { file("/var/log/uucp.log"); };

# This files are the log come from the mail subsystem.
#
destination d_mailinfo { file("/var/log/mail/mail.info"); };
destination d_mailwarn { file("/var/log/mail/mail.warn"); };
destination d_mailerr { file("/var/log/mail/mail.err"); };

答案1

似乎出于某种原因,配置文件在 syslog-ng.conf 文件中丢失了过滤器和目标。将文件更改为默认的 dpkg 包文件即可。

感谢所有的建议。

相关内容