auth.log is empty
Bug #1059854 reported by
nick parlante
This bug report is a duplicate of:
Bug #940030: rsyslog stops working after logrotate until restarted.
Edit
Remove
This bug affects 10 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
rsyslog (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
On a fresh 12.04 64 bit machine in the default state + sshd installed, the auth.log file remained empty, when normally it would fill up with sshd hacking attempts. The sshd_config was left at its default, which should record login failures.
I have figured out a workaround, which is probably a good clue about the underlying bug.
It turns out that the permissions of auth.log were: messagebus (owner) adm (group)
doing a
sudo chown syslog /etc/auth.log
fixed the problem instantly, with failed logins now going to the file as expected. I don't know if this "fix" will survive log rotation.
To post a comment you must log in.
Following up on my own bug:
The logging of sudo sessions is another example of data that was not being written to auth.log
I see that the older auth.log.1 files have the messagebus/adm permissions, but do have content in them, running up to July 27th 2012. I assume these were written when the system was first set up by the vendor, system76.
I first booted this box up around Sep 24th 2012, and applied all the pending updates. I wonder if one of those updates introduced this problem.