[SOLVED] Problem with rsyslog

Discussion in 'Installation/Configuration' started by brnad, Jan 11, 2018.

  1. brnad

    brnad New Member

    Hi,
    i have web/mail server on ubuntu 14.04.5 LTS. i tried to upgrade rsyslog to last version (followed this tutorial http://www.rsyslog.com/ubuntu-repository/)

    but for some reason version stay on 4.6.1
    Code:
    rsyslogd -v
rsyslogd 4.6.1, compiled with:
        FEATURE_REGEXP:                         Yes
        FEATURE_LARGEFILE:                      No
        FEATURE_NETZIP (message compression):   Yes
        GSSAPI Kerberos 5 support:              No
        FEATURE_DEBUG (debug build, slow code): No
        Atomic operations supported:            Yes
        Runtime Instrumentation (slow code):    No
    on other server (same os) upgrade has gone ok.

    some strange is on server.
    when i remove rsyslog package from server (apt-get remove rsyslog) i still can run command rsyslogd -v and it show same as posted above.
    on other server when i remove rsyslog package, i cannot run rsyslogd command.

    And after i tried that upgrade sshd doesnt logg in /var/log/auth.log.
    any sugestion?

    tnx
     
    brnad, Jan 11, 2018
    #1
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Code:
     type -a rsyslog
    shows which file gets executed.
    Code:
    dpkg --listfiles rsyslog
    shows files that came from that package. Compare those.
     
    Taleman, Jan 11, 2018
    #2
    brnad likes this.
  3. brnad

    brnad New Member

    Code:
    type -a rsyslog
-bash: type: rsyslog: not found
    Code:
     type -a rsyslogd
rsyslogd is /usr/local/sbin/rsyslogd
rsyslogd is /usr/sbin/rsyslogd
    Code:
    dpkg --listfiles rsyslog
/.
/etc
/etc/default
/etc/default/rsyslog
/etc/rsyslog.d
/etc/logrotate.d
/etc/logrotate.d/rsyslog
/etc/logcheck
/etc/logcheck/ignore.d.server
/etc/logcheck/ignore.d.server/rsyslog
/etc/apparmor.d
/etc/apparmor.d/force-complain
/etc/apparmor.d/local
/etc/apparmor.d/usr.sbin.rsyslogd
/etc/apparmor.d/disable
/etc/init.d
/etc/init.d/rsyslog
/etc/init
/etc/init/dmesg.conf
/etc/init/rsyslog.conf
/etc/systemd
/etc/systemd/system
/etc/systemd/system/multi-user.target.wants
/etc/rsyslog.conf
/lib
/lib/systemd
/lib/systemd/system
/lib/systemd/system/rsyslog.service
/var
/var/spool
/var/spool/rsyslog
/usr
/usr/lib
/usr/lib/rsyslog
/usr/lib/rsyslog/lmnet.so
/usr/lib/rsyslog/imfile.so
/usr/lib/rsyslog/imklog.so
/usr/lib/rsyslog/lmnetstrms.so
/usr/lib/rsyslog/imuxsock.so
/usr/lib/rsyslog/pmciscoios.so
/usr/lib/rsyslog/lmtcpsrv.so
/usr/lib/rsyslog/lmstrmsrv.so
/usr/lib/rsyslog/lmtcpclt.so
/usr/lib/rsyslog/pmlastmsg.so
/usr/lib/rsyslog/impstats.so
/usr/lib/rsyslog/imudp.so
/usr/lib/rsyslog/immark.so
/usr/lib/rsyslog/mmexternal.so
/usr/lib/rsyslog/lmzlibw.so
/usr/lib/rsyslog/pmaixforwardedfrom.so
/usr/lib/rsyslog/lmnsd_ptcp.so
/usr/lib/rsyslog/imtcp.so
/usr/lib/rsyslog/mmpstrucdata.so
/usr/lib/rsyslog/pmcisconames.so
/usr/lib/rsyslog/pmsnare.so
/usr/lib/rsyslog/lmcry_gcry.so
/usr/lib/rsyslog/mmsequence.so
/usr/lib/rsyslog/lmregexp.so
/usr/lib/rsyslog/ommail.so
/usr/lib/rsyslog/omprog.so
/usr/lib/rsyslog/pmnull.so
/usr/sbin
/usr/sbin/rsyslogd
/usr/share
/usr/share/lintian
/usr/share/lintian/overrides
/usr/share/lintian/overrides/rsyslog
/usr/share/doc
/usr/share/doc/rsyslog
/usr/share/doc/rsyslog/changelog.Debian.gz
/usr/share/doc/rsyslog/copyright
/usr/share/doc/rsyslog/ChangeLog.gz
/usr/share/doc/rsyslog/COPYING.LESSER.gz
/usr/share/doc/rsyslog/AUTHORS
/usr/share/doc/rsyslog/README
/usr/share/doc/rsyslog/NEWS.Debian.gz
/usr/share/doc/rsyslog/README.Debian
/usr/share/doc/rsyslog/NEWS.gz
/usr/share/doc/rsyslog/COPYING.ASL20.gz
/usr/share/doc/rsyslog/COPYING.gz
/usr/share/rsyslog
/usr/share/rsyslog/50-default.conf
/usr/share/man
/usr/share/man/man1
/usr/share/man/man5
/usr/share/man/man5/rsyslog.conf.5.gz
/usr/share/man/man8
/usr/share/man/man8/rsyslogd.8.gz
/etc/systemd/system/multi-user.target.wants/rsyslog.service
    Code:
    which rsyslogd
/usr/local/sbin/rsyslogd
    as i can see server use /usr/local/sbin/rsyslogd but that is not --listfiles rsyslog.
    and also there is two rsyslogd one in local other in usr/sbin
    probably this /local/sbin/rsyslogd is self compiled ? is that posible?, i cannot remember if i installed that.
    if so, what is safe way to delete that.

    tnx
     
    brnad, Jan 12, 2018
    #3
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    The rsyslogd in /usr/local/sbin is something installed from outside Ubuntu. If it is self compiled, there may be make uninstall target in the directory where the sources are. It may have installed lots of files, like dpkg --listfiles shows for the Ubuntu package.
    To stop it bothering for now, rename the executable to something else, maybe
    Code:
    mv /usr/local/sbin/rsyslogd /usr/local/sbin/rsyslogd-FOO
    Then you can figure out how to uninstall it completely later.
     
    Taleman, Jan 12, 2018
    #4
    brnad likes this.
  5. brnad

    brnad New Member

    thanks on help.
    i moved that file and after that reinstall rsyslog and now version is 8.32 (last one)

    problem with auth.log file was in ownership
    file was owned by root:adm, and i changed that on syslog:adm and now log is update.
    also some other .log file in /var/log have wrong owner so i changed them also.
    Code:
    sudo chown syslog:adm /var/log/auth.log
    thank you one more time :)
     
    brnad, Jan 12, 2018
    #5

Share This Page