Topic: Missing syslog files

Where do the system logs get written?  I notice /var is a mount, but nothing
seems to show up in /var/log.  My concern is filling up the flash with
hidden log files, since the log-rotate will not work. If this is broken,
how do I fix it? (Maybe just delete the /dev/log and let syslogd remake it?)
I haven't done much on the Chumby root filesystem, added root passwd, changed
PS1, etc.  Having trouble getting a chrooted Debian on usb mysqld running -- has the
socket permission problem, which I finally realized might not be the mysqld.sock, but the /dev/log
socket causing problems.  Looked at the /dev/log and saw the syslog missing problem.

Really empty:
# ls -a /var/log
.   ..
(and it is writeable)

syslogd is running:
(I had recently restarted it, hence the large pid)
root@chumby-30-86-f9:/# ps auxww |fgrep sysl
8639 root       0:00 /sbin/syslogd -C400

(and var is mounted with a tmpfs)

The socket is present and is used in the later logger command:
root@chumby-30-86-f9:/# ls -l /dev/log*
srw-rw-rw-    1 root     root             0 Jan  4 16:42 /dev/log
crw-rw----    1 root     root       10,  62 Dec 31  1969 /dev/log_events
crw-rw----    1 root     root       10,  63 Dec 31  1969 /dev/log_main
crw-rw----    1 root     root       10,  61 Dec 31  1969 /dev/log_radio

Nothing visible on the filesystem for messages:
root@chumby-30-86-f9:/# find / -name messages -ls

dmesg does output information, not sure how current, since the last lines refer to headphones, which I don't
use, but may have tested once.

strace of logger shows:
# strace logger "trace for the log"
execve("/usr/bin/logger", ["logger", "trace for the log"], [/* 24 vars */]) = 0
brk(0)                                  = 0xdf000
uname({sys="Linux", node="chumby-30-86-f9", ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001d000
access("/etc/", R_OK)      = -1 ENOENT (No such file or directory)
open("/lib/tls/v5l/fast-mult/half/", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/v5l/fast-mult/half", 0xbeb1e188) = -1 ENOENT (No such file or directory)

---snip lots of missing /lib/tls, /lib/v5l, /lib/fast-mult, and /lib/half files

gettimeofday({1325724215, 619459}, NULL) = 0
open("/etc/localtime", O_RDONLY)        = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001f000
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0\0"..., 4096) = 2819
_llseek(3, -24, [2795], SEEK_CUR)       = 0
read(3, "\nPST8PDT,M3.2.0,M11.1.0\n"..., 4096) = 24
close(3)                                = 0
munmap(0x4001f000, 4096)                = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
socket(PF_FILE, SOCK_DGRAM, 0)          = 3
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"...}, 110) = 0
send(3, "<13>Jan  4 16:43:35 root: trace f"..., 43, MSG_NOSIGNAL) = 43
close(3)                                = 0
exit_group(0)                           = ?

2 (edited by desidude2000 2012-01-05 11:23:32)

Re: Missing syslog files

since this is not a "real" syslogd, but a busybox syslogd, you'll have to restart it with different options:

chumby-29-53-95:/sbin # ls -l syslogd
lrwxrwxrwx    1 root     root            14 Dec 29 14:54 syslogd -> ../bin/busybox

chumby-29-53-95:/sbin # ps -ef | grep syslog
  673 root       0:00 /sbin/syslogd -C400

here are the options on busybox syslogd:


    syslogd [OPTIONS]

    System logging utility. Note that this version of syslogd ignores /etc/syslog.conf.


            -n              Run in foreground
            -O FILE         Log to given file (default:/var/log/messages)
            -l n            Set local log level
            -S              Smaller logging output
            -s SIZE         Max size (KB) before rotate (default:200KB, 0=off)
            -b NUM          Number of rotated logs to keep (default:1, max=99, 0=purge)
            -R HOST[:PORT]  Log to IP or hostname on PORT (default PORT=514/UDP)
            -L              Log locally and via network (default is network only if -R)
            -D              Drop duplicates
            -C[size(KiB)]   Log to shared mem buffer (read it using logread)

the -C400 tells chumby to keep only 400KB of syslog in the buffer.
If you would like to log those to a file instead, you might want to do something like:

/sbin/syslogd -O /mnt/storage/var/log/messages

though now you'll have to worry about rotating the logs and the whole nine yards (which typically doesn't make sense in an embedded linux device).
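Added example, not part of either post: a small shell helper that reads a BusyBox syslogd command line and reports where messages end up and, for file logging, roughly how much storage the -s and -b settings allow. The name syslogd_sink, the worst-case estimate (live file plus the rotated copies) and the -s 64 -b 3 values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify where a BusyBox syslogd delivers messages, given its
# command line (the last column of `ps`). Option meanings come from the usage
# text quoted in the thread; syslogd_sink is a hypothetical helper name.
syslogd_sink() {
    file=/var/log/messages size=200 keep=1    # defaults per the usage text
    ring="" remote="" local_too=""
    set -f; set -- $1; set +f                 # split into words, no globbing
    shift                                     # drop the program path
    while [ $# -gt 0 ]; do
        case $1 in
            -C)  ring="build default size" ;;
            -C*) ring="${1#-C} KiB" ;;
            -L)  local_too=1 ;;
            -O|-s|-b|-R)
                [ $# -ge 2 ] || break         # option is missing its value
                case $1 in
                    -O) file=$2 ;; -s) size=$2 ;;
                    -b) keep=$2 ;; -R) remote=$2 ;;
                esac
                shift ;;
        esac
        shift
    done
    # -R without -L sends to the network only: nothing is kept on the device.
    if [ -n "$remote" ] && [ -z "$local_too" ]; then
        echo "network only ($remote)"
    elif [ -n "$ring" ]; then
        # -C: shared-memory buffer, so no file appears under /var/log.
        echo "RAM ring buffer ($ring), read with logread"
    elif [ "$size" -eq 0 ]; then
        echo "file $file, rotation off, unbounded growth"
    else
        # Assumption: worst case is the live file plus $keep rotated copies,
        # each up to $size KB.
        echo "file $file, about $((size * (keep + 1))) KB at most"
    fi
}

# Constructed inputs: the two command lines from the thread, then a variant
# with explicit limits for a small flash partition (values are made up).
for cmd in "/sbin/syslogd -C400" \
           "/sbin/syslogd -O /mnt/storage/var/log/messages" \
           "/sbin/syslogd -O /mnt/storage/var/log/messages -s 64 -b 3"; do
    printf '%-60s -> %s\n' "$cmd" "$(syslogd_sink "$cmd")"
done
```

On the device, the command line to feed it is the one `ps` shows for syslogd.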

Re: Missing syslog files

Thanks, mystery solved!
logread may be all I need to track down problems.