What type of log files are available?

Having issues with your DietPi installation, or, found a bug? Post it here.
Post Reply
Gord_W
Posts: 134
Joined: Sat Oct 24, 2015 6:30 pm

What type of log files are available?

Post by Gord_W »

Hi,

In /var/log I have a bunch of log files. Are there any system error files that I can turn on or other other reporting type logs?

Running headless through ssh.

drwxrwxr-x 2 root root 80 Dec 7 23:33 apt
-rwxrwxr-x 1 root root 0 Dec 7 23:33 dietpi-apt-get_update
-rwxrwxr-x 1 root adm 1 Dec 8 00:17 dmesg
-rwxrwxr-x 1 root root 1 Dec 8 00:17 dpkg.log
drwxrwxr-x 2 root root 80 Dec 7 23:33 fsck
drwxrwxr-x 2 root root 40 Dec 7 23:33 news
-rwxrwxr-x 1 root root 1 Dec 8 00:17 ntpd.log
drwxrwxr-x 2 root root 120 Dec 8 10:35 ntpstats
drwxrwxr-x 2 root root 100 Dec 7 23:33 proftpd
drwxrwxr-x 2 root root 40 Dec 7 23:33 samba

Gordon Williams
User avatar
Fourdee
Site Admin
Posts: 2788
Joined: Tue Feb 06, 2007 1:36 pm

Re: What type of log files are available?

Post by Fourdee »

Gord_W wrote:Hi,

In /var/log I have a bunch of log files. Are there any system error files that I can turn on or other other reporting type logs?

Running headless through ssh.

drwxrwxr-x 2 root root 80 Dec 7 23:33 apt
-rwxrwxr-x 1 root root 0 Dec 7 23:33 dietpi-apt-get_update
-rwxrwxr-x 1 root adm 1 Dec 8 00:17 dmesg
-rwxrwxr-x 1 root root 1 Dec 8 00:17 dpkg.log
drwxrwxr-x 2 root root 80 Dec 7 23:33 fsck
drwxrwxr-x 2 root root 40 Dec 7 23:33 news
-rwxrwxr-x 1 root root 1 Dec 8 00:17 ntpd.log
drwxrwxr-x 2 root root 120 Dec 8 10:35 ntpstats
drwxrwxr-x 2 root root 100 Dec 7 23:33 proftpd
drwxrwxr-x 2 root root 40 Dec 7 23:33 samba

Gordon Williams
Hi Gordon,

It sounds like you need rsyslog. This allows for system logs (And other programs that use it) to be stored.

DietPi-Ramlog does not have rsyslog installed (to improve performance). So you'll need to either install rsyslog manually, or, use the "Full" logging mode in dietpi-software.

Code: Select all

apt-get install rsyslog
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal or become a DietPi patron.
Gord_W
Posts: 134
Joined: Sat Oct 24, 2015 6:30 pm

Re: What type of log files are available?

Post by Gord_W »

Hi,

3 things:

1) I used your dietpi config to change the logging to rsyslog and logrotate. I noticed during the software install process heirloom-mailx was also installed. What is it's purpose?


2) proftp config
In the proftp log file there are "wtmp /var/log/wtmp: No such file or directory" every few lines which increases the size of the file.
...
Dec 09 15:12:51 DietPi proftpd[2241] DietPi (192.168.1.105[192.168.1.105]): FTP session opened.
Dec 09 15:12:51 DietPi proftpd[2241] DietPi (192.168.1.105[192.168.1.105]): ROOT FTP login successful.
Dec 09 15:12:51 DietPi proftpd[2241] DietPi (192.168.1.105[192.168.1.105]): wtmp /var/log/wtmp: No such file or directory
Dec 09 15:12:51 DietPi proftpd[2241] DietPi (192.168.1.105[192.168.1.105]): USER root: Login successful.
Dec 09 15:13:31 DietPi proftpd[2242] DietPi (192.168.1.105[192.168.1.105]): FTP session opened.
Dec 09 15:13:31 DietPi proftpd[2242] DietPi (192.168.1.105[192.168.1.105]): ROOT FTP login successful.
Dec 09 15:13:31 DietPi proftpd[2242] DietPi (192.168.1.105[192.168.1.105]): wtmp /var/log/wtmp: No such file or directory
Dec 09 15:13:31 DietPi proftpd[2242] DietPi (192.168.1.105[192.168.1.105]): USER root: Login successful.

These can be stopped by making WtmpLog off in the config. I've also made a few other
changes to the proftp.conf file:

#Correct time - may be still off due to DST -gw change
TimesGMT off

# to stop logging wtmp /var/log/wtmp: No such file or directory -gw change
WtmpLog off

#This will jail users in one directory -gw change
#DefaultRoot /root

3) /logfile_storage

When I was using your log option 2 there is an extra directory created with logs in it /logfile_storage . This is on top of the ones in /root/logfile_storage.

4) Under /var/log there are many files now - as might be expected

-rwxrwxr-x 1 root root 0 Dec 9 14:54 alternatives.log
drwxrwxr-x 2 root root 4096 Dec 9 14:54 apt
-rwxrwxr-x 1 root root 4596 Dec 9 16:08 auth.log
-rwxrwxr-x 1 root root 1066 Dec 9 15:42 daemon.log
-rwxrwxr-x 1 root root 1489 Dec 9 14:54 debug
-rwxrwxr-x 1 root root 0 Dec 9 14:54 dietpi-apt-get_update
-rwxrwxr-x 1 root adm 17280 Dec 9 14:54 dmesg
-rwxrwxr-x 1 root root 0 Dec 9 14:54 dpkg.log
drwxrwxr-x 2 root root 4096 Dec 9 14:54 fsck
-rwxrwxr-x 1 root root 25656 Dec 9 15:25 kern.log
-rwxrwxr-x 1 root root 0 Dec 9 14:54 lpr.log
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.err
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.info
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.log
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.warn
-rwxrwxr-x 1 root root 23866 Dec 9 14:54 messages
drwxrwxr-x 2 root root 4096 Dec 9 14:54 news
-rwxrwxr-x 1 root root 672 Dec 9 15:55 ntpd.log
drwxrwxr-x 2 root root 4096 Dec 9 15:14 ntpstats
drwxrwxr-x 2 root root 4096 Dec 9 14:54 proftpd
drwxrwxr-x 2 root root 4096 Dec 9 14:54 samba
-rwxrwxr-x 1 root root 27183 Dec 9 15:42 syslog
-rwxrwxr-x 1 root root 0 Dec 9 14:54 user.log

syslog is the main one while messages, kern.log, dmesg are just large subsets of the syslog. messages, kern.log, dmesg are redundant and taking up space.

Gordon Williams
User avatar
Fourdee
Site Admin
Posts: 2788
Joined: Tue Feb 06, 2007 1:36 pm

Re: What type of log files are available?

Post by Fourdee »

Gord_W wrote:Hi,

3 things:

1) I used your dietpi config to change the logging to rsyslog and logrotate. I noticed during the software install process heirloom-mailx was also installed. What is it's purpose?
Hi Gordon,

Some good finds, great stuff!

On Wheezy, heirloom-mailx is pulled in with:

Code: Select all

apt-get install logrotate
For v103: I've updated the installation code to use --no-install-recommends, this will leave the mail package out for new installations.
Gord_W wrote: 2) proftp config
In the proftp log file there are "wtmp /var/log/wtmp: No such file or directory" every few lines which increases the size of the file.
Added to v103 patch and new proftpd installations: WtmpLog off

Gord_W wrote: #Correct time - may be still off due to DST -gw change
TimesGMT off
Not sure about this one. I vaguely remember a user having timestamp issues with proftpd, not sure if this was related. I'll look into it a bit more.
Gord_W wrote: #This will jail users in one directory -gw change
#DefaultRoot /root
Yep, enabling this will jail the proftpd logins to /root. This is left on by default so that our users dont get "lost" when using proftpd as a file server.
Gord_W wrote: 3) /logfile_storage

When I was using your log option 2 there is an extra directory created with logs in it /logfile_storage . This is on top of the ones in /root/logfile_storage.
Strange, lets try to find all folders with that name on your system.
Could you run the following for me please and reply with results:

Code: Select all

find / -type d -name logfile_storage
Gord_W wrote: 4) Under /var/log there are many files now - as might be expected
-rwxrwxr-x 1 root root 0 Dec 9 14:54 lpr.log
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.err
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.info
-rwxrwxr-x 1 root root 0 Dec 9 14:54 mail.log
Try running the following to list all logfiles with 0 filesize, delete, then reboot system. If they reappear, they are being generated by rsyslog:

Code: Select all

find /var/log -type f -size 0
Thanks Gordon, good stuff.
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal or become a DietPi patron.
Gord_W
Posts: 134
Joined: Sat Oct 24, 2015 6:30 pm

Re: What type of log files are available?

Post by Gord_W »

I'm no longer using your option 2 for logs (1hr logs with store) but this is what on my system currently.

root@DietPi:~# find / -type d -name logfile_storage
/root/logfile_storage
/logfile_storage


It was not so much that there were files (eg. mail) that had zero size, but that there were essentially 3 large files that contained almost exactly the same information. The syslog file contains all the information in the other two, making the other 2 redundant and only consuming disk space. I'm sure a tweek to to the rsyslog config file can fix that.

After deleting the 0 size file and rebootng they reappeared.

Gordon Williams
Gord_W
Posts: 134
Joined: Sat Oct 24, 2015 6:30 pm

Re: What type of log files are available?

Post by Gord_W »

Sent email to you with changed rsyslog.conf file changes to remove the redundant logs created.

Gordon Williams
Wolfgan
Posts: 16
Joined: Tue May 31, 2016 10:56 pm

Re: What type of log files are available?

Post by Wolfgan »

Since a few days ago, I noticed that my ftp service (proftpd) wasn't starting at boot time. While troubleshooting, I discovered it's an issue related to logfile folder as per .conf (/var/log/proftpd/) not being created beforehand:

Code: Select all

Jul 13 16:18:53 DietPi proftpd[1158]: 2016-07-13 16:18:53,104 DietPi proftpd[1165]: fatal: ControlsLog: unable to open '/var/log/proftpd/controls.log': No such file or directory on line 66 of '/etc/proftpd/proftpd.conf'
A simple "sudo mkdir /var/log/proftpd/" and "sudo service proftpd start" via ssh promptly solves the issue, but I wonder if anything changed lately that may be affecting this behaviour, or someone else suffering this issue as well?

Thx, Wolf
User avatar
Fourdee
Site Admin
Posts: 2788
Joined: Tue Feb 06, 2007 1:36 pm

Re: What type of log files are available?

Post by Fourdee »

Wolfgan wrote:Since a few days ago, I noticed that my ftp service (proftpd) wasn't starting at boot time. While troubleshooting, I discovered it's an issue related to logfile folder as per .conf (/var/log/proftpd/) not being created beforehand:

Code: Select all

Jul 13 16:18:53 DietPi proftpd[1158]: 2016-07-13 16:18:53,104 DietPi proftpd[1165]: fatal: ControlsLog: unable to open '/var/log/proftpd/controls.log': No such file or directory on line 66 of '/etc/proftpd/proftpd.conf'
A simple "sudo mkdir /var/log/proftpd/" and "sudo service proftpd start" via ssh promptly solves the issue, but I wonder if anything changed lately that may be affecting this behaviour, or someone else suffering this issue as well?

Thx, Wolf
Hi Wolf,

Very strange, I just did a fresh installation and it appears everything is in order

Code: Select all

root@DietPi:~# cat /var/log/proftpd/proftpd.log
2016-07-17 17:06:10,440 DietPi proftpd[931] DietPi: ProFTPD 1.3.5 (stable) (built Tue May 19 2015 20:09:22 UTC) standalone mode STARTUP
I'am not entirely sure what would cause this to be removed. Have you by any chance, used dietpi-cleaner or any other script/program that clears the /var/log directory?
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal or become a DietPi patron.
Post Reply