MAAS

syslog.log is completely empty

Bug #1575337 reported by Blake Rouse on 2016-04-26

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	MAAS	Fix Released	Undecided	Unassigned

Bug Description

130 roaksoax@unleashed:~/Desktop/project/packaging⟫ dpkg -l | grep rsyslog
ii rsyslog 8.16.0-1ubuntu3 amd64 reliable system and kernel logging daemon
ii rsyslog-gnutls 8.16.0-1ubuntu3 amd64 TLS protocol support for rsyslog

roaksoax@unleashed:~/Desktop/project/packaging⟫ sudo service rsyslog status
[sudo] password for roaksoax:
● rsyslog.service - System Logging Service
   Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2016-04-26 16:12:24 EDT; 1h 39min ago
     Docs: man:rsyslogd(8)
           http://www.rsyslog.com/doc/
Main PID: 26547 (rsyslogd)
    Tasks: 5 (limit: 512)
   Memory: 1.3M
      CPU: 174ms
   CGroup: /system.slice/rsyslog.service
           └─26547 /usr/sbin/rsyslogd -n

Apr 26 16:12:24 unleashed systemd[1]: Starting System Logging Service...
Apr 26 16:12:24 unleashed systemd[1]: Started System Logging Service.

roaksoax@unleashed:~/Desktop/project/packaging⟫ sudo cat /var/log/syslog
roaksoax@unleashed:~/Desktop/project/packaging⟫

See original description

Related branches

lp:~andreserl/maas/lp1575337

Merged into lp:~maas-maintainers/maas/packaging at revision 490

Andres Rodriguez (community): Approve on 2016-04-26

Andres Rodriguez (andreserl) on 2016-04-26

description:

updated

Andres Rodriguez (andreserl) on 2016-04-26

no longer affects:	maas
description:	updated

Revision history for this message

Martin Pitt (pitti) wrote on 2016-04-26:

Can you please give some context here? /var/log/syslog is entirely rsyslog's domain, systemd has nothing to do with it. Maybe you don't have rsyslog installed? (which is perfectly plausible and doable, as you can enable the persistent journal). Is rsyslog.service running? /var/log/syslog is certainly getting logs on a standard vivid/wily/xenial system.

Changed in systemd (Ubuntu):
status:	New → Incomplete

Revision history for this message

Martin Pitt (pitti) wrote on 2016-04-26:

Reassigning as the bug title is "maas.log". This is very confus(ed|ing).

affects:

systemd (Ubuntu) → maas (Ubuntu)

Andres Rodriguez (andreserl) on 2016-04-26

summary:

- [2.0a4] maas.log is empty
+ syslog.log is completely empty

Revision history for this message

Andres Rodriguez (andreserl) wrote on 2016-04-26:

Ok, so MAAS install's an rsyslog config to forward messages from syslog to /var/log/maas/maas.log. Today we noticed that maas.log was completely empty, and on further checking, we noticed that syslog was completely empty as well. The fun fact, however, is that MAAS has not changed its syslog configuration in years, and we definitely don't believe this is the problem. Also, this was working before just fine without any issues before , and as such, we don't believe is a problem on rsyslog.

The interesting thing is that rsyslog hasn't really change much in the past few months (iother that 2, no change rebuilds). Also, syslog logs that should be on /var/log/syslog are on systemd's journal.

MAAS config on /etc/maas/rsyslog.d/99-maas:

# Log MAAS messages to their own file.
:syslogtag,contains,"maas" /var/log/maas/maas.log

no longer affects:	maas (Ubuntu)
description:	updated
Changed in rsyslog (Ubuntu):
importance:	Undecided → Critical

Andres Rodriguez (andreserl) on 2016-04-26

Changed in systemd (Ubuntu):
importance:	Undecided → Critical
importance:	Critical → Undecided

Revision history for this message

Martin Pitt (pitti) wrote on 2016-04-26:

> The interesting thing is that rsyslog hasn't really change much in the past few months

There was a big merge and new upstream version in February.

> Also, syslog logs that should be on /var/log/syslog are on systemd's journal

Yes, this is not an either-or. The journal logs dmesg, syslog, stdout/err from units and other stuff, but syslog() messages also get forwarded to rsyslog.

If you drop the /etc/maas/rsyslog.d/99-maas file, do you get logs into /var/log/syslog again? If so, then this is either a regression in rsyslog or the 99-maas file configures this in a way that current rsyslog does not understand any more.

Changed in systemd (Ubuntu):
status:	New → Incomplete

Revision history for this message

Andres Rodriguez (andreserl) wrote on 2016-04-26:

ok, so I think what the issue is. I found a different rule that would do:

& ~

However, that means " stop logging anything that matches the last rule", however, instead of stopping just that rule, it was stopping everything. The reason why this was stopping everything is because it didn't really match the last rle, provided that the last rule was wrapped in an if statement, hence it was completely stopping rsyslog logging.

no longer affects:	rsyslog (Ubuntu)
no longer affects:	systemd (Ubuntu)

Andres Rodriguez (andreserl) on 2016-04-27

Changed in maas:
status:	New → Fix Committed

Andres Rodriguez (andreserl) on 2016-10-13

Changed in maas:
status:	Fix Committed → Fix Released

Revision history for this message

rebroad (rebroad) wrote on 2017-06-23:

The empty file is /var/log/syslog (not syslog.log) for me... The problem was caused by installing syslog-ng (which removed rsyslog) and then re-installing rsyslog.

How to fix though...?

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.