[Bug 1059854] Re: auth.log is empty
nick parlante
nick.parlante at cs.stanford.edu
Tue Oct 2 23:47:43 UTC 2012
Well it's a nice theory, but I can't seem to make it happen by deleting
the log files and forcing a rotation.
I see that logrotate.d/rsyslog does specify the "missingok" option for
these logs files. If that inhibts the "create" option for a missing log
file, then my theory above theory #5 is probably out, as logrotate
should not be creating these log files.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1059854
Title:
auth.log is empty
Status in “rsyslog” package in Ubuntu:
New
Bug description:
On a fresh 12.04 64 bit machine in the default state + sshd installed,
the auth.log file remained empty, when normally it would fill up with
sshd hacking attempts. The sshd_config was left at its default, which
should record login failures.
I have figured out a workaround, which is probably a good clue about
the underlying bug.
It turns out that the permissions of auth.log were: messagebus
(owner) adm (group)
doing a
sudo chown syslog /etc/auth.log
fixed the problem instantly, with failed logins now going to the file
as expected. I don't know if this "fix" will survive log rotation.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1059854/+subscriptions
More information about the foundations-bugs
mailing list