rsyslog seems to have vanished from my system



























I'm debugging an issue where I think my server is spamming other servers because it is infected, but all my logs stop in August last year, and rsyslog is missing from the system. /etc/rsyslog.d still exists and clearly it was writing logs once, but there are no new logs being generated for /var/log/mail.log or /var/log/messages

but running

rsyslog

results in command not found, should I run:

apt-get install rsyslog

and then

service rsyslog start

and has anyone seen anything like this before?










ubuntu logs email rsyslog
















asked Jul 21 '15 at 10:10 by arcanine




















  • try rsyslogd.

    – Manuel Faux
    Jul 21 '15 at 10:13











  • it says command not found and unrecognized service

    – arcanine
    Jul 21 '15 at 10:23











  • which rsyslogd ?

    – neuron
    Jul 21 '15 at 10:24











  • no output is given

    – arcanine
    Jul 21 '15 at 10:27











  • What is the output of ls -l /usr/sbin/rsyslogd?

    – mjturner
    Jul 21 '15 at 10:54





























3 Answers
Open the terminal and execute the command

# sudo add-apt-repository ppa:adiscon/v8-stable

Now install rsyslog

# sudo apt-get install rsyslog

To check the rsyslog version,

# rsyslogd -v
rsyslogd 7.4.4, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
Runtime Instrumentation (slow code): No
uuid support: Yes

Also check whether your rsyslog is running

answered Jul 21 '15 at 13:34 by lakshmikandan, edited Apr 13 '17 at 12:36 by Community

  • I wouldn't suggest installing rsyslog from a PPA - that's unnecessary. If the original poster doesn't have it installed, they can reinstall from the official Ubuntu repositories.

    – mjturner
    Jul 21 '15 at 15:36





















I've re-installed it using

apt-get install rsyslog

and logs seem to be filling up again, odd that it seems to have gone missing in the first place, it's clearly been on the system before

answered Jul 21 '15 at 17:11 by arcanine

  • Lots of malicious attacks involve disabling logging or redirecting logs to /dev/null. It's an early step after compromising a system, in order to avoid an audit trail. You might want to be suspicious of the system on the whole IMHO.

    – datUser
    Jul 21 '15 at 17:51
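
One way to check when rsyslog went missing and whether the package manager removed it, as an added example that is not part of any post in this thread: it reads dpkg's own log. The function names, the sample log and the package `example-syslogd` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): use dpkg's own log to find out when a
# package such as rsyslog was removed and what else dpkg did at that moment.
# dpkg.log lines look like: DATE TIME ACTION PKG[:ARCH] OLD-VERSION NEW-VERSION

# pkg_events PKG [FILE...]: list install/upgrade/remove/purge events for PKG,
# oldest first, as "DATE TIME ACTION VERSION". Reads stdin when no FILE is given.
pkg_events() {
    pkg=$1; shift
    awk -v pkg="$pkg" '
        $3 ~ /^(install|upgrade|remove|purge)$/ {
            name = $4; sub(/:.*$/, "", name)          # drop ":amd64" etc.
            if (name == pkg)
                print $1, $2, $3, (($3 == "remove" || $3 == "purge") ? $5 : $6)
        }' "$@" | sort
}

# removed_since PKG [FILE...]: timestamp of the removal that left PKG absent,
# or nothing if the last recorded event is an install or upgrade.
removed_since() {
    pkg_events "$@" | awk '
        $3 == "remove"  || $3 == "purge"   { if (gone == "") gone = $1 " " $2 }
        $3 == "install" || $3 == "upgrade" { gone = "" }
        END { if (gone != "") print gone }'
}

# same_run "DATE HH:MM" [FILE...]: package actions dpkg logged in that minute,
# which shows whether the removal was part of an ordinary apt transaction.
same_run() {
    minute=$1; shift
    awk -v m="$minute" '
        ($1 " " substr($2, 1, 5)) == m && $3 ~ /^(install|upgrade|remove|purge)$/ {
            print $3, $4
        }' "$@"
}

# Constructed sample log; package names, versions and dates are made up.
sample_dpkg_log() {
    cat <<'EOF'
2013-02-10 09:15:22 install rsyslog:amd64 <none> 1.0-1
2013-02-10 09:15:24 status installed rsyslog:amd64 1.0-1
2014-03-02 06:30:10 upgrade rsyslog:amd64 1.0-1 1.0-2
2014-08-17 02:41:09 remove rsyslog:amd64 1.0-2 <none>
2014-08-17 02:41:09 status config-files rsyslog:amd64 1.0-2
2014-08-17 02:41:12 install example-syslogd:amd64 <none> 2.3-1
2014-08-17 02:41:15 status installed example-syslogd:amd64 2.3-1
EOF
}

when=$(sample_dpkg_log | removed_since rsyslog)
echo "rsyslog removed at: $when"
sample_dpkg_log | same_run "${when%:*}"
```

On a real host, feed it every rotation with `zcat -f /var/log/dpkg.log* | removed_since rsyslog`. If dpkg has no removal on record yet the binary is gone, the files were deleted outside the package manager or the log itself was altered.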



















Could be that you are running systemd.

Look in /var/log/README

You are running a systemd-based OS where traditional syslog has been
replaced with the Journal.

answered May 18 '18 at 18:35 by Kjeld Flarup





























