Random Musings

Sporadic thoughts on tech, economics, business, finance and trading

/var/log/messages file does not exist

,

The error indicates that the /var/log/messages file does not exist on your Amazon Linux instance. This can happen due to one or more of the following reasons:

1. Default Logging Behavior in Amazon Linux

  • Amazon Linux 2 and later versions use systemd-journald for logging instead of the traditional rsyslog or syslog.
  • Logs are managed in memory or persisted to a binary journal file (e.g., /var/log/journal) instead of plain-text files like /var/log/messages.

2. rsyslog is Not Installed or Configured

  • If you prefer traditional plain-text log files like /var/log/messages, the rsyslog service must be installed and configured.
  • By default, Amazon Linux 2 does not install or enable rsyslog.

3. File Rotation or Disk Cleanup

  • If /var/log/messages existed earlier but is missing now, it could have been rotated or removed as part of disk cleanup.

How to Resolve or Investigate

1. Check Logging Configuration

To confirm the current logging setup:

systemctl status systemd-journald

If active, logs are stored in the systemd journal.

2. View Logs with journalctl

Since Amazon Linux typically uses systemd:

journalctl

For real-time logs:

journalctl -f

If you want to check logs from a specific service:

journalctl -u <service-name>

3. Enable /var/log/messages (if needed)

  • Install rsyslog: sudo yum install rsyslog
  • Enable and Start rsyslog: sudo systemctl enable rsyslog sudo systemctl start rsyslog
  • Configure rsyslog: Edit /etc/rsyslog.conf: sudo nano /etc/rsyslog.conf Ensure the following line is present and uncommented: *.info;mail.none;authpriv.none;cron.none /var/log/messages
  • Restart rsyslog: sudo systemctl restart rsyslog

4. Check for Disk Space Issues

Ensure your instance has sufficient space for logs:

df -h

Free up space if necessary.

5. CloudWatch Logs

If you are using CloudWatch Logs for centralized logging, /var/log/messages might not be used. Check your CloudWatch configuration:

aws logs describe-log-groups

You might find system logs being directed there.

Summary

If /var/log/messages is crucial for your setup, ensure rsyslog is installed and properly configured. Otherwise, rely on journalctl or centralized logging services like CloudWatch for log management.