[SOLVED] No more syslog and other key log files update in /var/log

I am surprised to see that several key log files (like syslog) are empty since August 29th, although my freedombox has been running almost permanently until now and other log files look ok:

fbox@fbox:/var/log$ ls -lt
total 19304
-rw-rw-r--  1 root           utmp            2920292 Oct  7 19:42 lastlog
-rw-rw-r--  1 root           utmp              79104 Oct  7 19:42 wtmp
-rw-r-----  1 root           root            7623581 Oct  7 19:01 snapper.log
drwx------  1 root           root                516 Oct  7 06:21 letsencrypt
-rw-r--r--  1 root           root               1714 Oct  7 06:21 dpkg.log
drwxr-xr-x  1 root           root                524 Oct  7 06:19 apt
drwxr-s---  1 Debian-exim    adm                 268 Oct  7 00:02 exim4
drwxr-x---  1 root           adm                 904 Oct  7 00:00 apache2
-rw-------  1 root           root             107003 Oct  6 18:16 ldapscripts.log
drwxr-x---  1 radicale       adm                 262 Oct  3 00:00 radicale
drwxr-xr-x  1 quasselcore    quassel             114 Oct  3 00:00 quassel
-rw-------  1 root           root                 56 Oct  3 00:00 php7.4-fpm.log
drwxr-x---  1 mumble-server  adm                 336 Oct  3 00:00 mumble-server
-rw-r-----  1 root           adm                 107 Oct  3 00:00 fail2ban.log
drwxr-x---  1 root           adm                 972 Oct  1 00:00 unattended-upgrades
-rw-rw----  1 root           utmp                  0 Oct  1 00:00 btmp
-rw-r--r--  1 root           root                  0 Oct  1 00:00 alternatives.log
-rw-r-----  1 root           adm                3754 Sep 27 02:02 fail2ban.log.1
-rw-r--r--  1 root           root                832 Sep 27 02:02 alternatives.log.1
-rw-------  1 root           root                337 Sep 27 02:01 php7.4-fpm.log.1
-rw-r--r--  1 root           root               8230 Sep 26 06:48 dpkg.log.1
-rw-r-----  1 root           adm                1667 Sep 23 12:10 fail2ban.log.2.gz
-rw-------  1 root           root                218 Sep 22 13:04 php7.4-fpm.log.2.gz
-rw-------  1 root           root                165 Sep 21 08:05 php7.4-fpm.log.3.gz
-rw-r-----  1 root           adm                 108 Sep 12 00:00 fail2ban.log.3.gz
drwxr-s---  1 ejabberd       adm                 224 Sep 12 00:00 ejabberd
-rw-------  1 root           root                 74 Sep  5 00:00 php7.4-fpm.log.4.gz
-rw-r-----  1 root           adm                 108 Sep  5 00:00 fail2ban.log.4.gz
-rw-rw----  1 root           utmp                  0 Sep  1 00:00 btmp.1
-rw-r-----  1 root           adm                   0 Aug 29 00:00 messages
-rw-r-----  1 root           adm                   0 Aug 29 00:00 debug
-rw-r-----  1 root           adm                   0 Aug 29 00:00 user.log
-rw-r-----  1 root           adm                   0 Aug 29 00:00 auth.log
-rw-r-----  1 root           adm                   0 Aug 29 00:00 daemon.log
-rw-r-----  1 root           adm                   0 Aug 29 00:00 kern.log
-rw-r-----  1 root           adm                   0 Aug 29 00:00 syslog
-rw-------  1 root           root                 74 Aug 29 00:00 php7.4-fpm.log.5.gz
-rw-r--r--  1 root           root              64014 Aug 27 06:14 dpkg.log.2.gz
-rw-r-----  1 root           adm              532140 Aug 26 07:11 daemon.log.1
-rw-r-----  1 root           adm              766911 Aug 26 07:11 syslog.1
-rw-r-----  1 root           adm              309907 Aug 26 07:11 auth.log.1
-rw-r-----  1 root           adm              109895 Aug 26 07:11 messages.1
-rw-r-----  1 root           adm               78295 Aug 26 07:11 user.log.1
-rw-r-----  1 root           adm               65386 Aug 26 07:10 debug.1
-rw-r-----  1 root           adm               36914 Aug 26 07:07 kern.log.1
-rw-r--r--  1 root           root               2597 Aug 25 06:33 alternatives.log.2.gz
-rw-------  1 root           root                195 Aug 25 06:33 php7.4-fpm.log.6.gz
-rw-r-----  1 root           adm              218181 Aug 22 00:00 daemon.log.2.gz
-rw-r-----  1 root           adm              416987 Aug 22 00:00 syslog.2.gz
-rw-------  1 root           root                  0 Aug 22 00:00 php7.3-fpm.log
-rw-r-----  1 root           adm               28583 Aug 22 00:00 auth.log.2.gz
-rw-r-----  1 root           adm                6009 Aug 22 00:00 debug.2.gz
-rw-r-----  1 root           adm              149804 Aug 21 23:03 messages.2.gz
-rw-r-----  1 root           adm              131051 Aug 21 23:03 user.log.2.gz
-rw-r-----  1 root           adm               14802 Aug 21 02:07 kern.log.2.gz
-rw-r-----  1 root           root               3803 Aug 16 11:30 firewalld
-rw-------  1 root           root                225 Aug 16 02:01 php7.4-fpm.log.7.gz
-rw-r--r--  1 root           root              24024 Aug 15 14:50 faillog
drwxr-xr-x  1 root           root                 12 Aug 15 14:42 runit
-rw-------  1 root           root               2975 Aug 15 14:15 php7.3-fpm.log.1
drwxr-sr-x+ 1 root           systemd-journal      64 Aug 15 14:08 journal
-rw-r-----  1 root           adm                7085 Aug 15 00:00 messages.3.gz
-rw-r-----  1 root           adm               48801 Aug 15 00:00 daemon.log.3.gz
-rw-r-----  1 root           adm               10442 Aug 15 00:00 syslog.3.gz
-rw-r-----  1 root           adm               24311 Aug 15 00:00 auth.log.3.gz
-rw-r-----  1 root           adm                2944 Aug 15 00:00 debug.3.gz
-rw-r-----  1 root           adm                6321 Aug 14 23:16 user.log.3.gz
-rw-r-----  1 root           adm                 646 Aug 14 02:21 kern.log.3.gz
-rw-r-----  1 root           adm               10611 Aug 14 00:00 syslog.4.gz
-rw-r-----  1 root           adm               11336 Aug 13 00:00 syslog.5.gz
-rw-r-----  1 root           adm               11221 Aug 10 00:00 syslog.6.gz
-rw-r-----  1 root           adm               11335 Aug  9 00:00 syslog.7.gz
-rw-r-----  1 root           adm              776001 Aug  8 00:00 messages.4.gz
-rw-------  1 root           root                 74 Aug  8 00:00 php7.3-fpm.log.2.gz
drwxr-xr-x  1 matrix-synapse nogroup             288 Aug  8 00:00 matrix-synapse
-rw-r-----  1 root           adm               53272 Aug  8 00:00 daemon.log.4.gz
-rw-r-----  1 root           adm               24598 Aug  8 00:00 auth.log.4.gz
-rw-r-----  1 root           adm                2790 Aug  8 00:00 debug.4.gz
-rw-r-----  1 root           adm              773915 Aug  7 23:16 user.log.4.gz
-rw-r-----  1 root           adm                 441 Aug  7 02:21 kern.log.4.gz
-rw-r-----  1 root           adm             3073924 Aug  1 00:00 messages.5.gz
-rw-r-----  1 root           adm             3076030 Aug  1 00:00 user.log.5.gz
-rw-------  1 root           root                 74 Aug  1 00:00 php7.3-fpm.log.3.gz
-rw-r-----  1 root           adm               55099 Aug  1 00:00 daemon.log.5.gz
-rw-r-----  1 root           adm               26034 Aug  1 00:00 auth.log.5.gz
-rw-r-----  1 root           adm                3196 Aug  1 00:00 debug.5.gz
-rw-r-----  1 root           adm                 434 Jul 31 02:21 kern.log.5.gz
-rw-r--r--  1 root           root               2619 Jul 26 06:22 dpkg.log.3.gz
-rw-------  1 root           root                 74 Jul 25 00:00 php7.3-fpm.log.4.gz
-rw-------  1 root           root                228 Jul 22 02:01 php7.3-fpm.log.5.gz
-rw-------  1 root           root                 74 Jul 11 00:00 php7.3-fpm.log.6.gz
-rw-------  1 root           root                193 Jul  7 06:19 php7.3-fpm.log.7.gz
-rw-r--r--  1 root           root                173 Jul  7 06:18 alternatives.log.3.gz
-rw-r--r--  1 root           root               5489 Jun 29 07:37 dpkg.log.4.gz
-rw-r--r--  1 root           root                173 Jun 29 07:34 alternatives.log.4.gz
-rw-------  1 root           root                 73 Jun 27 00:00 php7.3-fpm.log.8.gz
-rw-r-----  1 root           root             585404 Jun 25 00:00 snapper.log-20210625.gz
-rw-------  1 root           root                254 Jun 21 02:01 php7.3-fpm.log.9.gz
-rw-------  1 root           root                 73 Jun 13 00:00 php7.3-fpm.log.10.gz
-rw-------  1 root           root                 73 Jun  6 00:00 php7.3-fpm.log.11.gz
drwxr-s---  1 debian-tor     adm                   0 Jun  4 17:52 tor
-rw-r--r--  1 root           root                163 Jun  1 20:03 alternatives.log.5.gz
-rw-------  1 root           root                 73 May 30 00:00 php7.3-fpm.log.12.gz
-rw-r--r--  1 root           root               2211 May 25 06:20 dpkg.log.5.gz
-rw-------  1 root           root                 73 May 23 00:00 php7.3-fpm.log.13.gz
-rw-r--r--  1 root           root               1182 Apr 24 06:22 dpkg.log.6.gz
-rw-r--r--  1 root           root               3254 Mar 28  2021 dpkg.log.7.gz
-rw-r--r--  1 root           root              58268 Feb 26  2021 dpkg.log.8.gz
-rw-r--r--  1 root           root               2831 Feb 26  2021 alternatives.log.6.gz
drwxr-xr-x  1 root           root                  6 Feb  5  2021 uwsgi
drwxr-x---  1 root           adm                   0 Sep  2  2019 samba
-rw-r--r--  1 root           root               1868 Jul 19  2019 fontconfig.log
-rw-r--r--  1 root           root              86168 Jul 19  2019 bootstrap.log
drwxr-xr-x  1 root           root                  0 Feb 20  2019 openvpn
drwx------  1 root           root                  0 Feb 14  2019 private
fbox@fbox:/var/log$ 

Is that normal?

Writing to several log files (often in a duplicated way) is not the best thing for SD cards on SBCs as they are tiny random writes. We turned off syslog in favor of systemd-journald. Please use journalctl to query the logs. Examples:

  • To get plinth daemon logs: journalctl -u plinth
  • To get all system logs (like syslog): journalctl
  • To follow the logs: journalctl -f

Thanks. This allows me to go one step further, but I’ll make a separate post for it.

For people interested: run all of the suggested “journalctl” commands as root, or with sudo, otherwise you are missing 90% of information.

I only realized this now, after failing to find useful information for a while.

Hi! I’m new to this and I’m trying to set up a privacy-oriented server for my community. Would it be possible to set up a way to purge these logs periodically?

In “System->Configuration”, the last item gives 3 choices for the journal: write on disk, keep in memory until next reboot, no journal, so I guess you could use the last option.

I have not tried this myself but if you want some journal for debugging purposes, you could set up a cron job to run the journalctl command to purge anything older than a certain time (see the --vacuum-time option).
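
A sketch of the cron-driven purge suggested above, added here as an example and not part of the original thread or FreedomBox's own code. The script path, the cron location and the 7d retention are assumptions; it must run as root.

```shell
#!/bin/sh
# Added example: purge journal entries older than a retention period.
# Hypothetical install path: /usr/local/sbin/journal-purge.sh
# Hypothetical cron entry (/etc/cron.d/journal-purge):
#   15 3 * * * root /usr/local/sbin/journal-purge.sh 7d

# Accept only a plain systemd time span such as 12h, 7d, 2weeks, 1month.
# The case pattern rejects anything that is not a lowercase letter or
# digit (spaces, newlines, shell metacharacters) before the unit check.
valid_retention() {
    case "$1" in
        ''|*[!0-9a-z]*) return 1 ;;
    esac
    printf '%s\n' "$1" |
        grep -Eq '^[1-9][0-9]*(s|min|h|d|days?|weeks?|months?|y)$'
}

purge_journal() {
    retention="$1"
    if ! valid_retention "$retention"; then
        echo "journal-purge: invalid retention '$retention'" >&2
        return 2
    fi
    # --vacuum-time only deletes archived journal files. Rotate first so
    # the file currently being written is archived and becomes eligible
    # once its entries are old enough.
    journalctl --rotate || return 1
    journalctl --vacuum-time="$retention"
}

# Act only when a retention argument is supplied, as in the cron entry.
if [ "$#" -gt 0 ]; then
    purge_journal "$1"
fi
```

journald can also enforce a time limit itself through the MaxRetentionSec= setting in journald.conf, which avoids the cron job.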

Thank you! I just moved to it and it looks like it works!

Another question for you! When logs are disabled, is fail2ban able to work still? Or does it depend on the logs for that?

Sorry but I don’t have much knowledge on this. I would expect that this does not affect fail2ban but it would be nice if someone more familiar with this can confirm.