[Bug 1059854] Re: auth.log is empty
Aaron B. Russell
aaron at unadopted.co.uk
Sun Oct 14 10:39:21 UTC 2012
Workaround: open /etc/logrotate.d/rsyslog, and replace this line:
reload rsyslog >/dev/null 2>&1 || true
... with this line:
restart rsyslog >/dev/null 2>&1 || true
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1059854
Title:
auth.log is empty
Status in “rsyslog” package in Ubuntu:
Confirmed
Bug description:
On a fresh 12.04 64 bit machine in the default state + sshd installed,
the auth.log file remained empty, when normally it would fill up with
sshd hacking attempts. The sshd_config was left at its default, which
should record login failures.
I have figured out a workaround, which is probably a good clue about
the underlying bug.
It turns out that the permissions of auth.log were: messagebus
(owner) adm (group)
doing a
sudo chown syslog /etc/auth.log
fixed the problem instantly, with failed logins now going to the file
as expected. I don't know if this "fix" will survive log rotation.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1059854/+subscriptions
More information about the foundations-bugs
mailing list