Hasanuzzaman Sattar

Reputation: 600

How to start or activate syslog socket in CentOS 7?

First I want to thank Stack Overflow and all its active members for making Stack Overflow a beautiful question-and-answer site. I have been struggling for a whole day to figure out rsyslog message logging.

I am working on a CentOS 7 operating system. The system and its logging were working correctly since yesterday. Due to a data center issue, the server was rebooted by the hosting company last night, and that put my server's logging daemon into an unstable status.

Now there are the following log files in the /var/log directory:

1. /var/log/cron
2. /var/log/maillog
3. /var/log/messages
4. /var/log/secure

Now rsyslog is not writing any log messages to any of the above log files. I searched the internet a lot but I did not find any suitable answer. I think this is happening because of the unix socket. I am getting the output below for the command:

"systemctl status syslog.socket"

syslog.socket - Syslog Socket
   Loaded: loaded (/usr/lib/systemd/system/syslog.socket; static)
   Active: inactive (dead)
     Docs: man:systemd.special(7)
           http://www.freedesktop.org/wiki/Software/systemd/syslog
   Listen: /run/systemd/journal/syslog (Datagram)

Aug 12 14:56:31 server1 systemd[1]: Starting Syslog Socket.
Aug 12 14:56:31 server1 systemd[1]: Socket service syslog.service not loaded, refusing.
Aug 12 14:56:31 server1 systemd[1]: Failed to listen on Syslog Socket.

Note: the rsyslog daemon is running correctly. See below for the rsyslog status.

rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled)
   Active: active (running) since Wed 2015-08-12 16:04:08 IST; 33min ago
 Main PID: 145 (rsyslogd)
   CGroup: /system.slice/rsyslog.service
           `-145 /usr/sbin/rsyslogd -n

Aug 12 15:15:44 server1 systemd[1]: Started System Logging Service.
Aug 12 15:34:25 server1 systemd[1]: Stopping System Logging Service...
Aug 12 15:34:25 server1 systemd[1]: Stopped System Logging Service.
Aug 12 15:34:49 server1 systemd[1]: Started System Logging Service.
Aug 12 16:03:44 server1 systemd[1]: Stopping System Logging Service...
Aug 12 16:03:44 server1 systemd[1]: Stopped System Logging Service.
Aug 12 16:04:08 server1 systemd[1]: Starting System Logging Service...
Aug 12 16:04:08 server1 systemd[1]: Started System Logging Service.
Aug 12 16:37:49 server1 systemd[1]: Started System Logging Service.

Please help me to troubleshoot the issue.

Upvotes: 1

Views: 13219

Answers (2)

Hasanuzzaman Sattar

Reputation: 600

After deep research I found the problem was with the imjournal.state file. The imjournal.state file holds the state of the journal control service. In RHEL, the system messages are actually controlled by the journal control service. The rsyslog service works like a transporter between the journal service and the /var/log directory: it transports log messages to the log directory files. To solve the said problem I followed these steps.

1. First delete all files and folders in the directory "/var/log/journal". Make sure you do not delete the journal directory itself. This directory actually contains the log messages of the journal service.
2. Now delete the imjournal state file. You can find the file at "/var/lib/rsyslog/imjournal.state". This file holds the state of the rsyslog service for reading messages from the journal directory.
3. Now restart the journal service using the command "systemctl restart systemd-journald.service".
4. Now restart the rsyslog service using the command "systemctl restart rsyslog.service".

Now the rsyslog service can pull log messages from the journal directory and write them to the respective log files. You may reboot the machine too if a restart alone does not work.

Upvotes: 3
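
The steps in the answer above, as an added shell example that is not part of the original post: it moves the journal files and the imjournal state file into a backup directory instead of deleting them, so the logs from before the reboot stay available for review. The backup location and the function names are assumptions; the paths and restart commands are the ones given in the answer.

```sh
#!/bin/sh
# Added example: reset rsyslog's imjournal state while keeping a copy of
# everything that is removed. Default paths are the ones named in the answer;
# BACKUP_ROOT is an assumed location.
JOURNAL_DIR="${JOURNAL_DIR:-/var/log/journal}"
STATE_FILE="${STATE_FILE:-/var/lib/rsyslog/imjournal.state}"
BACKUP_ROOT="${BACKUP_ROOT:-/root/journal-reset-backup}"

# Move the journal directory's contents and the state file into a timestamped
# backup directory. The journal directory itself stays in place (step 1).
# Prints the backup directory path on success.
archive_journal_state() {
    journal_dir=$1 state_file=$2 backup_root=$3
    [ -d "$journal_dir" ] || { echo "no such directory: $journal_dir" >&2; return 1; }
    dest="$backup_root/$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest/journal" || return 1
    chmod 700 "$backup_root" "$dest"   # logs may hold sensitive data
    # -mindepth 1 -maxdepth 1: entries directly inside, never the directory itself
    find "$journal_dir" -mindepth 1 -maxdepth 1 \
        -exec mv {} "$dest/journal/" \; || return 1
    if [ -e "$state_file" ]; then      # step 2: remove the imjournal state file
        mv "$state_file" "$dest/" || return 1
    fi
    echo "$dest"
}

# Steps 1-4 in order; run as root.
reset_logging() {
    dest=$(archive_journal_state "$JOURNAL_DIR" "$STATE_FILE" "$BACKUP_ROOT") || return 1
    echo "archived to $dest"
    systemctl restart systemd-journald.service &&
    systemctl restart rsyslog.service
}

# Nothing runs on load; call reset_logging explicitly when ready.
```
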

Tom Damon

Reputation: 748

Try starting it in debugging mode.

rsyslogd -d

Upvotes: 0
