syslogd -r

General March 27th, 2008

Continuing the series of how-not-to-be-a-sysadmin, I offer this vignette (even though I hate the word/context vignette. It’s too hoity-toity. Couldn’t one just say scene? or scenario? It seems like when people use vignette they’re putting too much emphasis on how they’re describing something when that time is better spent on what they’re actually describing. Damn, I think that’s happening here. But it’s so much fun to be meta.)

Remote syslogging requires pointing the remote host to the logging server. This I always remember to do. It also requires setting up syslog.conf to “catch” the logs and put them in the proper place. This I remember to do. When I migrate/upgrade systems, I usually remember to put the log files and /etc config files back.

I forget that modern distributions disable (or don’t by default enable) accepting remote logging. And you have to edit the startup scripts (or their associated configs) to put the -r flag in (and maybe the -h flag, for good measure). Maybe it’s because syslog didn’t always require this.

It’s more annoying when I discover this four months after a transition, when I finally want to mine those logs, and the file is empty. Then I spend 20 or so minutes checking things, restarting syslogd to make sure there’s not a locked file or something. Then I fix the command line settings, restart syslogd, and watch the log file start up again.

Why didn’t I do that four months ago?
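A post-migration check for the failure described above, as an added example that is not from the original post. It assumes sysklogd with its options kept in a shell-style file such as /etc/sysconfig/syslog (`SYSLOGD_OPTIONS=`) or /etc/default/syslogd (`SYSLOGD=`); the function names, the list of option-taking letters and the log path are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the post). Assumes sysklogd and a shell-style options file.

# Print the syslogd option string from the last matching assignment in FILE.
syslogd_opts() {
    sed -n -e 's/^[[:space:]]*SYSLOGD_OPTIONS=//p' \
           -e 's/^[[:space:]]*SYSLOGD=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed if OPTS enables -r, parsing flag clusters the way getopt would.
# Assumed option-taking letters for sysklogd: a f l m p s.
has_remote_flag() {
    skip=0
    for w in $1; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case $w in
            -[!-]*) rest=${w#-} ;;
            *) continue ;;
        esac
        while [ -n "$rest" ]; do
            c=${rest%"${rest#?}"}; rest=${rest#?}
            case $c in
                r) return 0 ;;
                a|f|l|m|p|s) [ -z "$rest" ] && skip=1; break ;;
            esac
        done
    done
    return 1
}

# Succeed (stale) if LOG is missing, empty, or unmodified for more than DAYS days.
log_is_stale() {
    [ -s "$1" ] || return 0
    [ -n "$(find "$1" -mtime +"$2")" ]
}

# check_receiver OPTIONS_FILE LOG [DAYS]: 0 = ok, 1 = -r missing, 2 = log stale.
check_receiver() {
    opts=$(syslogd_opts "$1")
    if ! has_remote_flag "$opts"; then
        echo "FAIL: syslogd options '$opts' in $1 lack -r"; return 1
    fi
    if log_is_stale "$2" "${3:-1}"; then
        echo "FAIL: $2 is empty or not written in ${3:-1} day(s)"; return 2
    fi
    echo "OK: -r is set and $2 is being written"
}

# Usage (paths are examples): check_receiver /etc/sysconfig/syslog /var/log/remote.log 1
```

Run from cron on the log server, a non-zero exit flags the silent gap within a day instead of four months later.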
