Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 1945 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Logging archive function defective

tkaufi
Hi,

I´ve got a problem with the log archives of my ASG 220 7.52 cluster.
As i´ve seen now, all archived logs since end of january are empty. The logs before this date are available.
The daily log works, but after the logrotate, the log from the former day are gone

A restart of the system doesn´t help.


In the logarchiver log i find this kind of logs

2010:03:01-00:00:03 FW2-1 logarchiver[20254]:  WARN: can't move file /var/log/working/xorp-2010-02-28.log -> /var/log/xorp/2010/02:No such file or directory
2010:03:01-00:00:04 FW2-2 logarchiver[32760]:  INFO: * archiving files ... 
2010:03:01-00:00:03 FW2-1 logarchiver[20254]:  WARN: failed to archive xorp-2010-02-28.log: Connection refused

2010:03:01-00:00:07 FW2-2 logarchiver[32760]:  WARN: failed to archive user_prefetch-2010-02-28.log: No such file or directory
2010:03:01-00:00:07 FW2-1 logarchiver[20250]:  WARN: error [2]: can't compress /var/log/accd/2010/02/accd-2010-02-28.log: No such file or directory

2010:03:01-00:00:08 FW2-2 logarchiver[32764]:  WARN: error [2]: can't compress /var/log/pptpd/2010/02/pptpd-2010-02-28.log: No such file or directory
2010:03:01-00:00:08 FW2-1 logarchiver[20249]:  INFO: can't read ARM config '/etc/arm.conf': No such file or directory
2010:03:01-00:00:08 FW2-1 logarchiver[20249]:  INFO: skipping ARM section - no configuration found


any ideas?

CU
Thomas


This thread was automatically locked due to age.
Parents
  • 0
    Hi,

    found out, that in /var/log a directory "working" will be created where some logfiles will be moved to. But they´re also empty.

    Since my test machine -where the log archiving works properly- hasn´t have this directory, i´ve deleted this directory on production system, too.
    But the other day the directory have been created again.

    So i think something must going wrong througt the logrotate process

    please advise

    CU
    Thomas
  • 0 in reply to tkaufi
    hi all,

    i think, i found the problem. The crontab have been changed and the change date matches the first day of the problem appears.
    So i´ve checked the /etc/crontab and found it was choppy. There were several entrys twice.
    and if logrotate runs twice, it won´t found old log files and creates "empty" log files.

    Have now cleaned the crontab, so it should work properly

    CU
    Thomas
Reply
  • 0 in reply to tkaufi
    hi all,

    i think, i found the problem. The crontab have been changed and the change date matches the first day of the problem appears.
    So i´ve checked the /etc/crontab and found it was choppy. There were several entrys twice.
    and if logrotate runs twice, it won´t found old log files and creates "empty" log files.

    Have now cleaned the crontab, so it should work properly

    CU
    Thomas
Children
No Data