What type of log files are available?

[Gord_W]

Hi,

In /var/log I have a bunch of log files. Are there any system error files that I can turn on or other other reporting type logs?

Running headless through ssh.

drwxrwxr-x 2 root root 80 Dec 7 23:33 apt
-rwxrwxr-x 1 root root 0 Dec 7 23:33 dietpi-apt-get_update
-rwxrwxr-x 1 root adm 1 Dec 8 00:17 dmesg
-rwxrwxr-x 1 root root 1 Dec 8 00:17 dpkg.log
drwxrwxr-x 2 root root 80 Dec 7 23:33 fsck
drwxrwxr-x 2 root root 40 Dec 7 23:33 news
-rwxrwxr-x 1 root root 1 Dec 8 00:17 ntpd.log
drwxrwxr-x 2 root root 120 Dec 8 10:35 ntpstats
drwxrwxr-x 2 root root 100 Dec 7 23:33 proftpd
drwxrwxr-x 2 root root 40 Dec 7 23:33 samba

Gordon Williams

[Fourdee]

Hi,

In /var/log I have a bunch of log files. Are there any system error files that I can turn on or other other reporting type logs?

Running headless through ssh.

drwxrwxr-x 2 root root 80 Dec 7 23:33 apt
-rwxrwxr-x 1 root root 0 Dec 7 23:33 dietpi-apt-get_update
-rwxrwxr-x 1 root adm 1 Dec 8 00:17 dmesg
-rwxrwxr-x 1 root root 1 Dec 8 00:17 dpkg.log
drwxrwxr-x 2 root root 80 Dec 7 23:33 fsck
drwxrwxr-x 2 root root 40 Dec 7 23:33 news
-rwxrwxr-x 1 root root 1 Dec 8 00:17 ntpd.log
drwxrwxr-x 2 root root 120 Dec 8 10:35 ntpstats
drwxrwxr-x 2 root root 100 Dec 7 23:33 proftpd
drwxrwxr-x 2 root root 40 Dec 7 23:33 samba

Gordon Williams

Hi Gordon,

It sounds like you need rsyslog. This allows for system logs (And other programs that use it) to be stored.

DietPi-Ramlog does not have rsyslog installed (to improve performance). So you'll need to either install rsyslog manually, or, use the "Full" logging mode in dietpi-software.

Code: Select all

apt-get install rsyslog

[Gord_W]

Hi,

3 things:

1) I used your dietpi config to change the logging to rsyslog and logrotate. I noticed during the software install process heirloom-mailx was also installed. What is it's purpose?


2) proftp config
In the proftp log file there are "wtmp /var/log/wtmp: No such file or directory" every few lines which increases the size of the file.
...
Dec 09 15:12:51 DietPi proftpd[2241] DietPi (192.168.1.105[192.168.1.105]): FTP session opened.
Dec 09 15:12:51 DietPi proftpd[2241] DietPi (192.168.1.105[192.168.1.105]): ROOT FTP login successful.
Dec 09 15:12:51 DietPi proftpd[2241] DietPi (192.168.1.105[192.168.1.105]): wtmp /var/log/wtmp: No such file or directory
Dec 09 15:12:51 DietPi proftpd[2241] DietPi (192.168.1.105[192.168.1.105]): USER root: Login successful.
Dec 09 15:13:31 DietPi proftpd[2242] DietPi (192.168.1.105[192.168.1.105]): FTP session opened.
Dec 09 15:13:31 DietPi proftpd[2242] DietPi (192.168.1.105[192.168.1.105]): ROOT FTP login successful.
Dec 09 15:13:31 DietPi proftpd[2242] DietPi (192.168.1.105[192.168.1.105]): wtmp /var/log/wtmp: No such file or directory
Dec 09 15:13:31 DietPi proftpd[2242] DietPi (192.168.1.105[192.168.1.105]): USER root: Login successful.

These can be stopped by making WtmpLog off in the config. I've also made a few other
changes to the proftp.conf file:

#Correct time - may be still off due to DST -gw change
TimesGMT off

# to stop logging wtmp /var/log/wtmp: No such file or directory -gw change
WtmpLog off

#This will jail users in one directory -gw change
#DefaultRoot /root

3) /logfile_storage

When I was using your log option 2 there is an extra directory created with logs in it /logfile_storage . This is on top of the ones in /root/logfile_storage.

4) Under /var/log there are many files now - as might be expected

-rwxrwxr-x 1 root root 0 Dec 9 14:54 alternatives.log
drwxrwxr-x 2 root root 4096 Dec 9 14:54 apt
-rwxrwxr-x 1 root root 4596 Dec 9 16:08 auth.log
-rwxrwxr-x 1 root root 1066 Dec 9 15:42 daemon.log
-rwxrwxr-x 1 root root 1489 Dec 9 14:54 debug
-rwxrwxr-x 1 root root 0 Dec 9 14:54 dietpi-apt-get_update
-rwxrwxr-x 1 root adm 17280 Dec 9 14:54 dmesg
-rwxrwxr-x 1 root root 0 Dec 9 14:54 dpkg.log
drwxrwxr-x 2 root root 4096 Dec 9 14:54 fsck
-rwxrwxr-x 1 root root 25656 Dec 9 15:25 kern.log
-rwxrwxr-x 1 root root 0 Dec 9 14:54 lpr.log
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.err
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.info
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.log
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.warn
-rwxrwxr-x 1 root root 23866 Dec 9 14:54 messages
drwxrwxr-x 2 root root 4096 Dec 9 14:54 news
-rwxrwxr-x 1 root root 672 Dec 9 15:55 ntpd.log
drwxrwxr-x 2 root root 4096 Dec 9 15:14 ntpstats
drwxrwxr-x 2 root root 4096 Dec 9 14:54 proftpd
drwxrwxr-x 2 root root 4096 Dec 9 14:54 samba
-rwxrwxr-x 1 root root 27183 Dec 9 15:42 syslog
-rwxrwxr-x 1 root root 0 Dec 9 14:54 user.log

syslog is the main one while messages, kern.log, dmesg are just large subsets of the syslog. messages, kern.log, dmesg are redundant and taking up space.

Gordon Williams

[Fourdee]

Hi,

3 things:

1) I used your dietpi config to change the logging to rsyslog and logrotate. I noticed during the software install process heirloom-mailx was also installed. What is it's purpose?

Hi Gordon,

Some good finds, great stuff!

On Wheezy, heirloom-mailx is pulled in with:

Code: Select all

apt-get install logrotate

For v103: I've updated the installation code to use --no-install-recommends, this will leave the mail package out for new installations.

2) proftp config
In the proftp log file there are "wtmp /var/log/wtmp: No such file or directory" every few lines which increases the size of the file.

Added to v103 patch and new proftpd installations: WtmpLog off

#Correct time - may be still off due to DST -gw change
TimesGMT off

Not sure about this one. I vaguely remember a user having timestamp issues with proftpd, not sure if this was related. I'll look into it a bit more.

#This will jail users in one directory -gw change
#DefaultRoot /root

Yep, enabling this will jail the proftpd logins to /root. This is left on by default so that our users dont get "lost" when using proftpd as a file server.

3) /logfile_storage

When I was using your log option 2 there is an extra directory created with logs in it /logfile_storage . This is on top of the ones in /root/logfile_storage.

Strange, lets try to find all folders with that name on your system.
Could you run the following for me please and reply with results:

Code: Select all

find / -type d -name logfile_storage

4) Under /var/log there are many files now - as might be expected
-rwxrwxr-x 1 root root 0 Dec 9 14:54 lpr.log
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.err
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.info
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.log

Try running the following to list all logfiles with 0 filesize, delete, then reboot system. If they reappear, they are being generated by rsyslog:

Code: Select all

find /var/log -type f -size 0

Thanks Gordon, good stuff.

[Gord_W]

I'm no longer using your option 2 for logs (1hr logs with store) but this is what on my system currently.

root@DietPi:~# find / -type d -name logfile_storage
/root/logfile_storage
/logfile_storage


It was not so much that there were files (eg. mail) that had zero size, but that there were essentially 3 large files that contained almost exactly the same information. The syslog file contains all the information in the other two, making the other 2 redundant and only consuming disk space. I'm sure a tweek to to the rsyslog config file can fix that.

After deleting the 0 size file and rebootng they reappeared.

Gordon Williams

[Gord_W]

Sent email to you with changed rsyslog.conf file changes to remove the redundant logs created.

Gordon Williams

[Wolfgan]

Since a few days ago, I noticed that my ftp service (proftpd) wasn't starting at boot time. While troubleshooting, I discovered it's an issue related to logfile folder as per .conf (/var/log/proftpd/) not being created beforehand:

Code: Select all

Jul 13 16:18:53 DietPi proftpd[1158]: 2016-07-13 16:18:53,104 DietPi proftpd[1165]: fatal: ControlsLog: unable to open '/var/log/proftpd/controls.log': No such file or directory on line 66 of '/etc/proftpd/proftpd.conf'

A simple "sudo mkdir /var/log/proftpd/" and "sudo service proftpd start" via ssh promptly solves the issue, but I wonder if anything changed lately that may be affecting this behaviour, or someone else suffering this issue as well?

Thx, Wolf

[Fourdee]

Since a few days ago, I noticed that my ftp service (proftpd) wasn't starting at boot time. While troubleshooting, I discovered it's an issue related to logfile folder as per .conf (/var/log/proftpd/) not being created beforehand:

Code: Select all

Jul 13 16:18:53 DietPi proftpd[1158]: 2016-07-13 16:18:53,104 DietPi proftpd[1165]: fatal: ControlsLog: unable to open '/var/log/proftpd/controls.log': No such file or directory on line 66 of '/etc/proftpd/proftpd.conf'

A simple "sudo mkdir /var/log/proftpd/" and "sudo service proftpd start" via ssh promptly solves the issue, but I wonder if anything changed lately that may be affecting this behaviour, or someone else suffering this issue as well?

Thx, Wolf

Hi Wolf,

Very strange, I just did a fresh installation and it appears everything is in order

Code: Select all

root@DietPi:~# cat /var/log/proftpd/proftpd.log
2016-07-17 17:06:10,440 DietPi proftpd[931] DietPi: ProFTPD 1.3.5 (stable) (built Tue May 19 2015 20:09:22 UTC) standalone mode STARTUP

I'am not entirely sure what would cause this to be removed. Have you by any chance, used dietpi-cleaner or any other script/program that clears the /var/log directory?