<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7652.24">
<TITLE>[SWLUG] Where have all the syslogs gone?</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P><FONT SIZE=2 FACE="Arial">Thanks for the replies. I've guessed it might have something to do with the order of mounting the fielsystems but it's a little difficult to reboot the server. Later perhaps.</FONT></P>
<P><FONT SIZE=2 FACE="Arial">Restarting syslog seems to have fixed it. Here are the before & after lsof's</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">lsof | head -1;lsof | grep log</FONT>
<BR><FONT SIZE=2 FACE="Arial">COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 3348 root cwd DIR 105,2 4096 2 /</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 3348 root rtd DIR 105,2 4096 2 /</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 3348 root txt REG 105,2 37992 32841 /sbin/syslogd</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 3348 root mem REG 105,2 105080 196868 /lib64/ld-2.3.4.so</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 3348 root mem REG 105,2 1493409 196869 /lib64/tls/libc-2.3.4.so</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 3348 root mem REG 105,2 56902 196638 /lib64/libnss_files-2.3.4.so</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 3348 root 0u unix 0x000001003cf02680 7508 /dev/log</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">lsof | head -1;lsof | grep syslog</FONT>
<BR><FONT SIZE=2 FACE="Arial">COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 19115 root cwd DIR 105,2 4096 2 /</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 19115 root rtd DIR 105,2 4096 2 /</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 19115 root txt REG 105,2 37992 32841 /sbin/syslogd</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 19115 root mem REG 105,2 105080 196868 /lib64/ld-2.3.4.so</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 19115 root mem REG 105,2 1493409 196869 /lib64/tls/libc-2.3.4.so</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 19115 root mem REG 105,2 56902 196638 /lib64/libnss_files-2.3.4.so</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 19115 root 0u unix 0x000001003b272380 227406 /dev/log</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 19115 root 1w REG 253,9 45 60 /var/log/messages</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 19115 root 2w REG 253,9 0 41 /var/log/secure</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 19115 root 3w REG 253,9 0 55 /var/log/maillog</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 19115 root 4w REG 253,9 0 22 /var/log/cron</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 19115 root 5w REG 253,9 0 34 /var/log/spooler</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 19115 root 6w REG 253,9 0 65 /var/log/boot.log</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 19115 root 7w REG 253,9 0 32773 /var/log/news/news.crit</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 19115 root 8w REG 253,9 0 32772 /var/log/news/news.err</FONT>
<BR><FONT SIZE=2 FACE="Arial">syslogd 19115 root 9w REG 253,9 0 32771 /var/log/news/news.notice</FONT>
</P>
<br/><font face="Times New Roman" size="3"><a href="http://www.bbc.co.uk">http://www.bbc.co.uk</a><br/>This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated.<br/>If you have received it in error, please delete it from your system.<br/>Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately.<br/>Please note that the BBC monitors e-mails sent or received.<br/>Further communication will signify your consent to this.</font></BODY>
</HTML>