Yes, I accidentally deleted var/log/syslog file in a production server! And then I thought the server will recreate it automatically and start logging again. But it didn’t!

Image credit: What Richard Did (2013)

Then I tried to recreate the file manually with the following command and start watching. but still, it doesn’t log a single line!

touch /var/log/syslog

Maybe the problem is with rsyslog service. Let’s restart it.

sudo service rsyslog restart

Guess what? It does nothing. Then I tried to restart the entire server — as everyone does. But no luck! Nothing gets logged!

Sounds familiar? Here is the solution! Just remove the var/log/syslog file and restart the rsyslog service. Do NOT create syslog file manually. Let the system recreate it.

Next time when you want to clear the syslog and get some space free, use the following command rather than deleting it.

truncate -s 0 /var/log/syslog

--

--