
rsyslog not logging into /var/log/mail.log? Check permissions!
Monday - Aug 22nd 2016 - by - (1 comments)

For a week or so I wondered why on one SMTP server (Ubuntu 16.04 Xenial with Rsyslogd and Postfix) rsyslog never logged into /var/log/mail.log, although this is clearly defined in the rsyslog config file:

# cat /etc/rsyslog.d/50-default.conf | grep mail
mail.*                -/var/log/mail.log
# Logging for the mail system.  Split it up so that
#mail.info            -/var/log/mail.info
#mail.warn            -/var/log/mail.warn
mail.err            /var/log/mail.err
#    news.none;mail.none    -/var/log/debug
#    mail,news.none        -/var/log/messages

Instead all log entries from the mail facility were logged into /var/log/syslog.

Yet on another SMTP server the mail facility log entries were correctly logged into /var/log/mail.log. Strangely enough, both systems were set up the same way.

Today I got some time for investigation and found out that the permissions of the folder /var/log were different:

On SMTP01 (where mail logging happened into /var/log/syslog):

root@smtp01:/var# stat log
  File: 'log'
  Size: 4096          Blocks: 8          IO Block: 4096   directory
Device: fc00h/64512d    Inode: 1005        Links: 11
Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (  108/  syslog)
Access: 2016-08-22 08:29:56.243493060 +0200
Modify: 2016-08-22 08:29:55.747484499 +0200
Change: 2016-08-22 08:29:55.747484499 +0200
 Birth: -

On SMTP02 (where mail logging happened correctly into /var/log/mail.log):

root@smtp02:/var# stat log
  File: 'log'
  Size: 4096          Blocks: 8          IO Block: 4096   directory
Device: fc01h/64513d    Inode: 1005        Links: 11
Access: (0775/drwxrwxr-x)  Uid: (    0/    root)   Gid: (  108/  syslog)
Access: 2016-08-22 08:25:37.991669507 +0200
Modify: 2016-08-22 06:25:04.620044011 +0200
Change: 2016-08-22 06:25:04.620044011 +0200
 Birth: -

On SMTP01 the permissions were 0755, on SMTP02 0775. Big difference!

After I set the same permissions on smtp01 and restarted rsyslogd, logging of the mail facility into /var/log/mail.log started.

However, I still don't know where this permission difference came from. In no logfile (and I have command auditing active) was I able to find a command that would have changed the permissions.
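
The comparison above turned into a repeatable check, added here as an example and not part of the original post: it reads the file targets from an rsyslog config and lists those that do not exist yet and whose parent directory would not let the given group create them. The function names are made up for this example; it assumes GNU stat and that rsyslogd writes with the privileges of the syslog group (Gid 108 in the stat output).

```sh
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (coreutils).

# group_can_create DIR GID
# Succeeds if DIR belongs to group GID and has the group write and search
# bits set, i.e. a process in that group can create new files in DIR.
group_can_create() {
    info=$(stat -c '%a %g' -- "$1") || return 2
    mode=${info% *}
    dir_gid=${info#* }
    gbits=$(( (0$mode >> 3) & 7 ))      # group digit of the octal mode
    [ "$dir_gid" = "$2" ] && [ $(( gbits & 3 )) -eq 3 ]
}

# unwritable_targets CONF GID
# Prints every file target in CONF that does not exist yet and whose parent
# directory would not let a process in group GID create it.
unwritable_targets() {
    # Rule lines look like "mail.*  -/var/log/mail.log". The leading "-"
    # only turns off syncing after each write; it is not part of the path.
    awk '!/^[[:space:]]*#/ && NF >= 2 {
             t = $NF; sub(/^-/, "", t); if (t ~ /^\//) print t
         }' "$1" |
    while IFS= read -r target; do
        [ -e "$target" ] && continue
        group_can_create "$(dirname "$target")" "$2" || printf '%s\n' "$target"
    done
}

# Usage: sh check.sh /etc/rsyslog.d/50-default.conf "$(getent group syslog | cut -d: -f3)"
if [ $# -ge 2 ]; then
    unwritable_targets "$1" "$2"
fi
```

An empty result means every configured log file either exists already or can be created by that group.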



Comments (newest first):

Jorge Gustavo Rocha wrote on Nov 21st, 2016:
Hi Claudio,
The same happened to me, on an Ubuntu 16.04 deployed on the cloud (Scaleway). On servers deployed from the Ubuntu distribution that never happened before. Thanks for your tip.
