
Why is /var/log/secure empty?

Red Squirrel

I was working on one of my servers and realized I never installed fail2ban, which reads log files to ban IPs that try to log in. This server is local, but I like to do it out of habit anyway, was just never a priority. Recently I also started using it as an SSH gateway to my network, only my work IP and a few other IPs are allowed through so no big deal, but I still like to take precautions.

Was wondering why it was not working, then checked /var/log/secure and it's completely empty! I did tail -f and then started doing bad logins, still nothing! Figured maybe it's going to /var/log/messages for some reason... that's empty too! I googled it and I'm told to check /etc/syslog.conf, but as my luck would have it, that file does not even exist. Why are these logs empty? I also looked at /etc/ssh/sshd_config to see if there's any line to specify the log file but can't really see anything that would indicate a log location.

This is a fairly default install of CentOS 6 (I think it's 6, might be 5).
 
Check /etc/rsyslog.conf instead... If it isn't present you can just install the rsyslog package. Whatever info you found about syslog.conf should also apply to rsyslog.conf.

Also, check `/etc/init.d/rsyslog status` and make sure it's running.
 
Interesting, the rsyslog service was stopped and I started it and now stuff is logging. Is that a standard service that should normally be running? I wonder why it would have been not running. So how does this work? I figured sshd and other apps would just be appending information to the file directly? Though I guess that could cause issues given multiple apps use that log file, so it goes through that daemon first?

I'll set that service to start with the system then, if that's all it took.
 
Yes, syslog is a standard service and should be running by default. CentOS 5 had syslog, CentOS 6 has rsyslog.

Other services -- and kernel -- could be able to write directly (and some do) to files, but syslog offers decoupling, central configuration and even redirection (to other servers). A Good Thing.
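
Added illustration, not part of any post in this thread: once rsyslog is running, its selector rules decide which file each facility lands in, and that is the file a log reader such as fail2ban has to watch. The sketch below lists the file targets for one facility from legacy-format rules; the sample rules are constructed for the example, and priority thresholds and `$` directives (including config includes) are not evaluated.

```shell
#!/bin/sh
# dests_for FACILITY: read legacy-format rsyslog rules on stdin and print
# every file target that receives at least some messages of FACILITY.
# Within one rule, selectors are applied left to right, so a later
# "facility.none" cancels an earlier "*.info" for that facility.
dests_for() {
    awk -v fac="$1" '
        /^[ \t]*[#$]/ { next }              # comments and $ directives
        NF < 2        { next }              # blank or incomplete lines
        {
            hit = 0
            n = split($1, sels, ";")        # e.g. *.info;authpriv.none
            for (i = 1; i <= n; i++) {
                d = index(sels[i], ".")
                if (d == 0) continue
                pri = substr(sels[i], d + 1)
                m = split(substr(sels[i], 1, d - 1), f, ",")
                for (j = 1; j <= m; j++)
                    if (f[j] == "*" || f[j] == fac)
                        hit = (pri == "none") ? 0 : 1
            }
            act = $2
            sub(/^-/, "", act)              # leading "-" only disables sync
            if (hit && act ~ /^\//) print act   # keep file targets only
        }'
}

# Constructed sample rules (an assumption for this example, not taken
# from the server discussed in the thread).
sample_conf() {
    cat <<'EOF'
# constructed sample
$ModLoad imuxsock
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
uucp,news.crit                                          /var/log/spooler
*.emerg                                                 *
EOF
}

# Where do authentication messages (sshd logins) go under these rules?
sample_conf | dests_for authpriv
```

On a live host the same function can be fed the real file with `dests_for authpriv < /etc/rsyslog.conf`; an empty result means no file rule receives that facility.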
 