rsyslog seems to have vanished from my system

Question

I'm debugging an issue where I think my server is spamming other servers because it is infected but all my logs stop in august last year, and rsyslog is missing from the system /etc/rsyslog.d still exists and clearly it was writing logs once but there are no new logs being generated for /var/log/mail.log or /var/log/messages

but running

rsyslog

results in command not found, should I run:

apt-get install rsyslog

and then

service rsyslog start

and has any one seen anything like this before?

try rsyslogd.

Manuel Faux
– Manuel Faux

2015-07-21 10:13:13 +00:00
Commented Jul 21, 2015 at 10:13 — Manuel Faux
– Manuel Faux, Commented Jul 21, 2015 at 10:13
it says command not found and unrecognized service

arcanine
– arcanine

2015-07-21 10:23:48 +00:00
Commented Jul 21, 2015 at 10:23 — arcanine
– arcanine, Commented Jul 21, 2015 at 10:23
which rsyslogd ?

neuron
– neuron

2015-07-21 10:24:28 +00:00
Commented Jul 21, 2015 at 10:24 — neuron
– neuron, Commented Jul 21, 2015 at 10:24
no output is given

arcanine
– arcanine

2015-07-21 10:27:02 +00:00
Commented Jul 21, 2015 at 10:27 — arcanine
– arcanine, Commented Jul 21, 2015 at 10:27
What is the output of ls -l /usr/sbin/rsyslogd?

mjturner
– mjturner

2015-07-21 10:54:01 +00:00
Commented Jul 21, 2015 at 10:54 — mjturner
– mjturner, Commented Jul 21, 2015 at 10:54

Community · Accepted Answer · 2017-04-13 12:36:37Z

1

Open the terminal and execute the command

# sudo add-apt-repository ppa:adiscon/v8-stable

Now install rsyslog

# sudo apt-get install rsyslog

to check rsyslog version,

# rsyslogd -v
rsyslogd 7.4.4, compiled with:
    FEATURE_REGEXP:             Yes
    FEATURE_LARGEFILE:          No
    GSSAPI Kerberos 5 support:      Yes
    FEATURE_DEBUG (debug build, slow code): No
    32bit Atomic operations supported:  Yes
    64bit Atomic operations supported:  Yes
    Runtime Instrumentation (slow code):    No
    uuid support:               Yes

Also check whether your rsyslog running

edited Apr 13, 2017 at 12:36

CommunityBot

1

answered Jul 21, 2015 at 13:34

lakshmikandan

1791 silver badge5 bronze badges

2

I wouldn't suggest installing rsyslog from a PPA - that's unnecessary. If the original poster doesn't have it installed, they can reinstall from the official Ubuntu repositories.

mjturner
– mjturner

2015-07-21 15:36:16 +00:00
Commented Jul 21, 2015 at 15:36

Add a comment |

arcanine · Accepted Answer · 2015-07-21 17:11:31Z

1

I've re-installed it using

apt-get install rsyslog

and logs seem to be filling up again, odd that it seems to have gone missing in the first place, it's clearly been on the system before

answered Jul 21, 2015 at 17:11

arcanine

1311 silver badge3 bronze badges

1

Lots of malicious attacks involve disabling logging or redirecting logs to /dev/null. Its an early step after compromising a system, in order to avoid an audible trail. You might want to be suspicious of the system on the whole IMHO.

111---
– 111---

2015-07-21 17:51:38 +00:00
Commented Jul 21, 2015 at 17:51

Add a comment |

Kjeld Flarup · Accepted Answer · 2018-05-18 18:35:20Z

1

Could be that You are running systemd.

Look in /var/log/README

You are running a systemd-based OS where traditional syslog has been
replaced with the Journal.

answered May 18, 2018 at 18:35

Kjeld Flarup

6181 gold badge5 silver badges8 bronze badges

Add a comment |

Stack Exchange Network

rsyslog seems to have vanished from my system

3 Answers 3

You must log in to answer this question.

Linked

Hot Network Questions

rsyslog seems to have vanished from my system

3 Answers 3

You must log in to answer this question.

Linked

Related

Hot Network Questions