Maillog not updating
An because every guess is as good as any other as long there are no facts to measure it against, here is mine: when the moon is in the seventh house, and Jupiter aligns with Mars....
# ps aux | grep syslog root 2524 0.0 0.0 105372 1320 ?
Files removed with rm while process is attached (you will not see the file anymore, but the process is still writing in it and taking up space until you restart it). Other then that, you will have to login to your app/db/system and determine what is going on and how it is configured to log. and the /var/log/messages file typically gets updated quite frequently. /var/log/messages can be any log file (application, database, network, system)Another possibility (although unusual for a process that is writing a log file as opposed to normal output from a short lived process) is that the process writing the log is using fully buffered (instead of line buffered) standard I/O buffering.
Inode exhaustion (rare on modern filesystems, limits are quite high). There could be various reasons such as : Missing disk space. but all of a sudden, its being updated now every 5 minutes, when before, hardly 30 seconds can go by without it being updated. (With fully buffered I/O, the program writing the log won't update the file until its internal buffer for that file is full.
What the logger might do to prevent this is to first write the log message, check to see if the log file directory entry exists, and if it doesn't exist, close the original log file, open a new one, and then rewrite the message -- so that the message doesn't get lost.
When you do an "rm ", you are removing a directory entry, but you are NOT removing the underlying file.Wrong files/log cleanup (badly configured logrotate and such). it is sluggish and most likely to be crashing in the near future. a new change has been applied to the application or database which has caused it to behave different. someone hacked into the database, application, system and screwed around with it. hopefully, these can point you guys in the direction i was thinking.if you didn't make the change, then, u would want to know about this. and i'm hoping you can add more or suggest other possible reasons.Perhaps the problem is - you guessed it: something! Describe your environment (applications, OS, versions, topology and whatever might be of influence) and then show some log files and what exactly changed.You do not call a doctor (mind you, via phone) and ask him for a diagnose based on "i feel different today than i felt yesterday".If you create a new /var/log/mail, it will point to a file different from the one the system logger is currently writing.The only way to make everything consistent is to restart the system logger.Wrong files/log cleanup (badly configured logrotate and such). Files removed with rm while process is attached (you will not see the file anymore, but the process is still writing in it and taking up space until you restart it). With a fully buffered file, the buffer is typically a multiple of 1024 bytes somewhere in the range of sizes from 1K to 32K bytes; but can be any size the process chooses.)when the log of an application, database, or system is not updating as it is known to or expected to given its history, here's what i was hoping you guys would be alluding to: 1.Inode exhaustion (rare on modern filesystems, limits are quite high). the application that normally logs to that log file is not functioning properly. a lack of activity could mean some part of a web site is not functioning right. page not loading, or taking too slow, causing users to give up.The operating system keeps a count of references to the file, and will not actually delete the underlying file data until the reference count goes to zero.In the case of an average file, the reference count of the unopened file is one (the directory entry).