After rsyslog was started on a certain CentOS 7 machine, /var/log/messages and the other logs stopped being written and are all empty. Asking the experts for help!

  linux, question

Previously, logs were generated and everything ran normally. Since rsyslog was restarted a few days ago, after the last log rotation, /var/log/messages and /var/log/secure are all empty files.

Could someone experienced take a look? I want to know how to solve it, and I also want to know what the cause is. Thank you very much.

Configuration file /etc/rsyslog.conf

# Log all kernel messages to the console.
 # Logging much else clutters up the screen.
 #kern.*                                                 /dev/console
 
 # Log anything (except mail) of level info or higher.
 # Don't log private authentication messages!
 *.info;mail.none;authpriv.none;cron.none                /var/log/messages
 
 # The authpriv file has restricted access.
 authpriv.*                                              /var/log/secure
 
 # Log all the mail messages in one place.
 mail.*                                                  -/var/log/maillog
 
 
 # Log cron stuff
 cron.*                                                  /var/log/cron
 
 # Everybody gets emergency messages
 *.emerg                                                 :omusrmsg:*
 
 # Save news errors of level crit and higher in a special file.
 uucp,news.crit                                          /var/log/spooler
 
 # Save boot messages also to boot.log
 local7.*                                                /var/log/boot.log

/var/log/secure: everything is empty except *-20161211, which keeps the log up to the 9th

/var/log/secure, etc. are all empty.
syslog configuration file

Rsyslog was also restarted.

That is to say, logging became abnormal from the 8th. This is a screenshot of the last part of the fail2ban-20161211 log
Up to the 8th

I kept looking for the bug while refreshing this page, but no expert came to the rescue. @StormerZ also posted an answer that was irrelevant; it just took up space on the page, so I gave it a bad review. Naming and shaming!
In the end I finally found a solution. Life is always like this; sometimes you still have to rely on yourself.
First of all, I restarted the server with reboot, which was useless.
Then I revised the syslog configuration file in /etc/logrotate.d/syslog and restarted with systemctl restart rsyslog
Still useless.

/var/log/maillog
 /var/log/messages
 /var/log/secure
 /var/log/spooler
 {
 missingok
 sharedscripts
 postrotate
 /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
 /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
 endscript
 }

Then I simply deleted /var/log/messages manually and restarted rsyslog. The result was predictable: still useless.
At this point, I still didn't know where the problem was.
All right, that’s annoying.
I really want to go out and run.

Finally I decided to reinstall rsyslog, so
yum reinstall rsyslog
I restarted rsyslog, but the result was still useless.
Why is this? It seems that there is something wrong with the configuration file!
All right, let's look at the configuration file /etc/rsyslog.conf. I found someone else's configuration on a website and changed mine to the following:

#$ModLoad imjournal # provides access to the systemd journal
 #Enable by uncommenting
 $ModLoad imklog # reads kernel messages (the same are read from journald)
 
 #Comment out
 #$OmitLocalLogging on
 
 #Comment out
 #$IMJournalStateFile imjournal.state

Restart rsyslog

$ systemctl stop rsyslog.service
 $ systemctl start rsyslog.service

$ tail -f /var/log/secure
Finally, it is ok ~ there is a record.

So, in order to verify that this was indeed the problem, I returned /etc/rsyslog.conf to its original state and restarted rsyslog.
Still.

This is strange to me.
However, the problem has been solved.
Can anyone tell me why? Please comment in a reply.
I'll close the question for now, since no one is looking at it anyway. I hope that anyone who sees this later and knows the reason will tell me. Thanks in advance!
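
An empty /var/log/secure like the one described in this post is a gap in authentication logging, so it is worth checking for automatically. The script below is an added example, not part of the original post: it reads the file targets from a legacy-format rsyslog.conf and flags any that are missing, empty or no longer being written, and reports which local input the config relies on. The function names and the 60-minute staleness threshold are assumptions, and files pulled in through $IncludeConfig are not followed.

```bash
#!/bin/bash
# Added example (not from the original post): audit rsyslog file targets.

# Print file targets of legacy selector lines ("facility.priority  /path").
# A leading "-" (async write, as on the maillog line) is stripped; comments,
# $-directives and non-file actions such as :omusrmsg:* are skipped.
rsyslog_file_targets() {
    awk '!/^[[:space:]]*[#$]/ && NF >= 2 {
             t = $NF; sub(/^-/, "", t)
             if (t ~ /^\//) print t
         }' "$1"
}

# Heuristic: which local input feeds rsyslog according to this config file.
#   imjournal - messages are pulled from the systemd journal
#   none      - imjournal is off but $OmitLocalLogging on still disables /dev/log
#   socket    - classic imuxsock/imklog input
rsyslog_input_mode() {
    if grep -Eq '^[[:space:]]*\$ModLoad[[:space:]]+imjournal' "$1"; then
        echo imjournal
    elif grep -Eiq '^[[:space:]]*\$OmitLocalLogging[[:space:]]+on' "$1"; then
        echo none
    else
        echo socket
    fi
}

# Print "OK|EMPTY|STALE|MISSING <path>" for every target in config $1.
# $2 = minutes without a write before a non-empty file counts as STALE.
# Returns 1 if any target is not OK. Paths containing whitespace are not handled.
audit_rsyslog_targets() {
    conf=$1; max_age=${2:-60}; rc=0
    for f in $(rsyslog_file_targets "$conf"); do
        if [ ! -e "$f" ]; then state=MISSING
        elif [ ! -s "$f" ]; then state=EMPTY
        elif [ -z "$(find "$f" -mmin "-$max_age")" ]; then state=STALE
        else state=OK
        fi
        [ "$state" = OK ] || rc=1
        echo "$state $f"
    done
    return "$rc"
}

# Usage: ./audit.sh /etc/rsyslog.conf [max_age_minutes]
if [ -n "${1:-}" ]; then
    echo "input: $(rsyslog_input_mode "$1")"
    audit_rsyslog_targets "$1" "${2:-60}"
fi
```

Low-traffic files such as /var/log/spooler can be legitimately STALE, so the non-zero exit status is most useful for /var/log/messages and /var/log/secure.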