/var/log files empty

Mon, 22 Dec 2025 08:57:58 -0800

I have 2 Arch machines, both of which had been set up to forward messages from journald to syslog, and so eventually to the log files in /var/log.  I noticed the other day that on both machines, the /var/log log files are now all empty, which I'm guessing means that journald is no longer forwarding messages to syslog.  I'm certain that I had this configuration working in the past.  But something seems to have changed at some point that's broken it. I'm not sure what changed, or when it happened.  I've tried to fix, but with no luck.
I have syslog-ng installed, and the syslog-ng@default service enabled and running.  I also have "ForwardToSyslog=yes" set in my /etc/systemd/journald.conf file, and the systemd-journald service is enabled and running.  Yet somehow they're (I'm guessing) not talking to each other and forwarding the log messages. 


According to this forum post there might a socket 
/run/systemd/journal/syslog that needs to be created in order for this 
setup to work.  This socket file doesn't exist on my system. That socket 
file seems to get created by the systemd unit script 
/usr/lib/systemd/system/syslog.socket, which seems to be triggered by 
/usr/lib/systemd/system/systemd-journald.service.  However, that 
syslog.socket unit either doesn't seem to be getting triggered or is 
failing.  And when I try to start the syslog.socket unit script 
manually, it fails. (And with very little in the way of explanatory 
messages.):


[darose@titan log]$ sudo systemctl start syslog.socket
Job failed. See "journalctl -xe" for details.

[darose@titan log]$ systemctl status syslog.socket
○ syslog.socket - Syslog Socket
     Loaded: loaded (/usr/lib/systemd/system/syslog.socket; static)
     Active: inactive (dead)
   Triggers: ● syslog.service
       Docs: man:systemd.special(7)
             https://systemd.io/SYSLOG
     Listen: /run/systemd/journal/syslog (Datagram)


Dec 20 19:52:01 titan systemd[1]: syslog.socket: Socket service 
syslog.service not loaded, refusing.

Dec 20 19:52:01 titan systemd[1]: Failed to listen on Syslog Socket.

Anyone have any idea what might be broken here / how to fix?

Thanks,

DR























					Reply via email to