Symptoms
System logs such as /var/log/messages, /var/log/maillog, and many others are no longer being created or are empty.
Description
The problem can be caused by a myriad of things; however, the most common involve the functionality of rsyslog.
Workaround
You can perform manual tests by sending messages to these logs using the logger utility.
Example:
logger -p mail.info "cPtech TEST"
This example causes a log entry with the info severity to be written to the mail log, which is normally /var/log/maillog as specified in the /etc/rsyslog.conffile.
The result looks like this in /var/log/maillog:
Jan 8 12:22:35 host-server cptech: cPTECH TEST
If the test is not working then this means something else is wrong. For a final basic check, make sure that your server has a valid socket file that systemd uses under the following path: /dev/log :
stat /dev/log
If the file is missing simply issue the following three commands to allow it to rebuild:
systemctl restart systemd-journald.socket
systemctl restart systemd-journald
systemctl restart rsyslog