Has something changed semi-recently with how moOde handles logging? As early as last year I distinctly remember /var/log filling up the log files as usual, but sometime in that last few months, maybe, a large portion of the system logs have been routinely getting nulled. I have two up-to-date moOde systems running and they display virtually the exact same behavior.
Is this a feature or a bug ?
-if it's deliberate, I get it it but specifically auth.log bothers me and it only ever contains a few hours worth of data with no archives.
Or is something dubious going on?
Nulled files always show the same modification time. Here's a ls -la output:
Interestingly this also shows the weird behavior where sometimes kern.log is empty and sometimes it's not. usually it is though.
Output from my other pi:
I know heavy R/W's on SD card can reek havoc, but I have been using high endurance cards for over a year without any issues.
Thoughts? Concerns?
Edit: Actually it looks like this is a cron job or something like that based on the first commands and the beginning of auth.log :
Same modification times.....anyway just curious because it caught me off guard.
Is this a feature or a bug ?
-if it's deliberate, I get it it but specifically auth.log bothers me and it only ever contains a few hours worth of data with no archives.
Or is something dubious going on?
Nulled files always show the same modification time. Here's a ls -la output:
Code:
-rw-r----- 1 root adm 35437 Apr 26 08:28 daemon.log
-rw-r----- 1 root adm 1742 Apr 26 08:13 debug
-rw-r--r-- 1 root root 0 Apr 26 06:25 dpkg.log
-rw-r--r-- 1 root root 0 Apr 26 06:25 faillog
-rw-r--r-- 1 root root 1725 Nov 25 05:36 fontconfig.log
-rw-r----- 1 root adm 31277 Apr 26 08:13 kern.log
-rw-rw-r-- 1 root utmp 292292 Apr 26 08:19 lastlog
-rw-r----- 1 root adm 28452 Apr 26 08:13 messagesOutput from my other pi:
Code:
-rw-r----- 1 root adm 0 Apr 26 06:14 kern.log
-rw-rw-r-- 1 root utmp 292292 Apr 26 08:40 lastlog
drwxr-x--- 2 www-data www-data 4096 Apr 26 00:00 lighttpd
-rw-r----- 1 root adm 0 Apr 26 06:14 messages
-rw-r--r-- 1 minidlna minidlna 0 Apr 26 06:14 minidlna.logI know heavy R/W's on SD card can reek havoc, but I have been using high endurance cards for over a year without any issues.
Thoughts? Concerns?
Edit: Actually it looks like this is a cron job or something like that based on the first commands and the beginning of auth.log :
Code:
Apr 26 06:14:28 moOde sudo: pam_unix(sudo:session): session closed for user root
Apr 26 06:14:28 moOde sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/sqlite3 /var/local/www/db/moode-sqlite3.db vacuum
Apr 26 06:14:28 moOde sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Apr 26 06:14:28 moOde sudo: pam_unix(sudo:session): session closed for user root
Apr 26 06:14:28 moOde sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/df
Apr 26 06:14:28 moOde sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Apr 26 06:14:28 moOde sudo: pam_unix(sudo:session): session closed for user root
Apr 26 06:14:28 moOde sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/find /var/www -type l -delete
Apr 26 06:14:28 moOde sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Apr 26 06:14:28 moOde sudo: pam_unix(sudo:session): session closed for user root
Apr 26 06:14:28 moOde sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/ln -s /var/lib/mpd/music/ /var/www/7052027
Apr 26 06:14:28 moOde sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Apr 26 06:14:28 moOde sudo: pam_unix(sudo:session): session closed for user rootSame modification times.....anyway just curious because it caught me off guard.
