32
votes
Why does journalctl say "-- no entries --"?
sudo -i if not already.
Try running journalctl -b to see messages from the current boot.
If you still get -- No entries --, run journalctl --verify.
If you get No journal files were found, something ...
- 421
23
votes
Accepted
I don't know what is producing the gigabytes of error in syslog
I think the error is caused by VLC. Try using another Media Player.
- 494
17
votes
Examining /dev/log
I am summarizing the comments to a complete answer. Note that @MarkPlotnick was the first to point toward the right solution.
As you can see in ls -lL output, the file pointed by you link is a socket, ...
- 17.5k
16
votes
Accepted
Examining /dev/log
To add some additional info to the accepted (correct) answer, you can see the extent to which /dev/log is simply a UNIX socket by writing to it as such:
lmassa@lmassa-dev:~$ echo 'This is a test!!' | ...
- 301
15
votes
I don't know what is producing the gigabytes of error in syslog
There is a bug filed for this large /var/log/syslog at
Having a video playing/paused when switched to another user generates gigabytes of error logs.
In the bug description, it is mentioned that using ...
13
votes
Accepted
Why is kill -HUP used in logrotate in RHEL? Is it necessary in all cases?
Generally services keep the log files opened while they are running. This mean that they do not care if the log files are renamed/moved or deleted they will continue to write to the open file handled.
...
- 146
12
votes
Accepted
Sending bash history to syslog
This approach seems to be what you're looking for. This article discusses it, titled: Improving Bash Forensics Capabilities.
Excerpt:
While discussing with him about this topic, I realized that ...
slm♦
- 380k
11
votes
How should I send systemd logs to a dedicated logging server
It appears that systemd does not have a built-in means of forwarding messages to a syslog server. Red Hat's official recommendation is to use the imjournal module to allow rsyslog to read the journald ...
- 1,186
11
votes
Mint 18.1 - A whole lot of "Soliciting pool server xxx.xxx.xxx.xxx"
The messages mean your ntpd server is looking for more time sources to sync to. Seeing a couple of them is expected, especially after reconnecting to the network after an outage or a restart, but if ...
- 166
11
votes
Where does cron log by default?
cron logs its actions to syslog, with a level of detail dependent on the configured log level. This doesn’t include jobs’ output.
Regarding the latter, the manpage says
When executing commands, any ...
- 481k
9
votes
Accepted
Can I avoid debian-sa1 lines in my syslog?
These commands are, indeed, part of the sysstat package. It's intended for performance monitoring; and specifically, sar is the system activity report:
a Unix System V-derived system monitor command ...
- 11k
8
votes
OpenVPN doesn't seem to run: active (exited), code=exited, status=0/SUCCESS
The fact that you are looking at the wrong thing.
Your service is not named openvpn. It is named openvpn@configuration.
The instructions that you are following are for an older version of Ubuntu, ...
- 71.9k
7
votes
I don't know what is producing the gigabytes of error in syslog
It is caused by VLC if it is started by doubleclick on a file in Nautilus.
If your system suspends while VLC is still open, it will cause this problem. You can close VLC or just jump to another time ...
- 30.6k
7
votes
Accepted
How to setup syslog forwarding for systemd journal namespace
I found a minimal solution after reading the rsyslog docs which is to create an rsyslog config file /etc/rsyslog.d/my-namespace.conf with the content:
input(type="imuxsock" Socket="/run/...
- 131
7
votes
How is syslog entangled with journald?
The way it works is that systemd-journald can forward logs to syslog (aka to the file /var/log/syslog). These forwarded logs are not controlled by systemd-journald so that is why the SystemMaxUse= ...
- 171
6
votes
Accepted
rsyslog: send logs to different file using custom template
The issue was that the default config file was called 50-defaults.conf, so it was processed first...
That means that logs were being sent to /var/log/syslog as per defaults config, and then it goes ...
- 213
6
votes
I don't know what is producing the gigabytes of error in syslog
"Paul_Pedant, I have googled but was not able to find anything useful".
I googled "org.gnome.Nautilus[1514]: [00007fa4fc465ce0] vdpau_chroma filter error: video mixer features failure: ...
- 9,414
6
votes
Accepted
cron: send errors to syslog, instead of MTA
You can use the logger subsystem. There are two variants, depending on whether you have systemd installed or not.
With systemd - using systemd-cat
echo This is a test with systemd-cat | systemd-cat -...
- 128k
6
votes
Accepted
How to stop truncate command safely
Interrupting a process will never cause the filesystem itself to become corrupted¹. The kernel ensures this. The worst that can happen is that the files are in an inconsistent state with respect to ...
5
votes
rsyslog not logging
Try to check rsyslog conf with: rsyslogd -f /etc/rsyslog.conf -N 1
If everything is ok try to restart systemd-journald.socket with:
systemctl restart systemd-journald.socket
you can use the command "...
- 211
5
votes
Accepted
OpenLDAP v2.4 enable logging
To enable OpenLDAP debugs, you would want to add the following to your slapd.conf
loglevel <level> (eg: stats)
If you do not use slapd.conf, you may then pass that option to the slapd service. ...
- 2,999
5
votes
I don't know what is producing the gigabytes of error in syslog
The bug is in VLC, which prints logs after resuming.
My workaround is a systemd service that kills VLC after resuming.
Here it is on the Github; this is what it looks like:
[Unit]
Description=Kills ...
- 256
5
votes
Accepted
Does Linux's rsyslog support RFC 5424?
Had the same issue, finally found out a solution by adding this to my rsyslog.conf :
input(type="imuxsock" socket="/dev/log" useSpecialParser="off")
The useSpecialParser ...
- 66
5
votes
syslog message at boot: uninitialized urandom read
Your diagnosis is correct: a read was attempted on an empty entropy pool. This is "boot time entropy starvation".
You can either leverage systemd-boot if you have an EFI system, ignore the ...
- 4,695
4
votes
rsyslog not logging
There's a surprising fragile dependency between journald and rsyslogd, especially in RHEL7. Journald becomes the first, canonical log handler. It should handle logs sent to /dev/log and forward them ...
- 6,417
4
votes
syslog duplicate all content
The Comment of @user192526 was the Key to stop this Phenomenon
Comment this line .=info;.=notice;*.=warn; out, mean
#*.=info;*.=notice;*.=warn; . Restart rsyslog.
But the complete Answer to this ...
4
votes
logread in OPENWRT
Or redirect the above code to any .txt files of my router (Every 30 minutes I will run a cron job to push the .txt code to the server to make sure that router wont get crashed. Anyways its having 1.3 ...
- 449
4
votes
Accepted
Track active logging to log files
I believe the command you are looking for is lsof. From the lsof manual:
lsof - list open files
Under the examples section therein:
To find the process that has /u/abe/foo open, use:
...
- 1,313
4
votes
Auditd, Syslog and Journald
1- As @jordanm stated : "Autitd produces logs, syslog and journald collect them."
2- You should configure them, if you have special needs for logging.
3- Journald is systemd's logging, but ...
- 141
Only top scored, non community-wiki answers of a minimum length are eligible