-
Bug
-
Resolution: Done
-
Undefined
-
None
-
rhel-8.6.0
-
None
-
None
-
rhel-security-special-projects
-
ssg_security
-
None
-
False
-
False
-
-
None
-
None
-
None
-
None
-
If docs needed, set a value
-
-
Unspecified
-
None
-
57,005
Description of problem:
Graceful reboot system, rsyslog will not record the reboot log in messages which compared with the previous rhel7
Version-Release number of selected component (if applicable):
RHEL8
How reproducible:
N/A
Steps to Reproduce:
1. in RHEL8 run "systemctl reboot" to reboot system.
Then /var/log/messages haven't record system process normal stop procedure info and only record system startup info. it is difficult for us to detect whether the system is a graceful shutdown/reboot or not.
~~~
Jul 31 01:48:22 testserver rsyslogd[1908]: [origin software="rsyslogd" swVersion="8.2102.0-13.el8" x-pid="1908" x-info="https://www.rsyslog.com"] start
Jul 31 01:48:22 testserver systemd[1]: Started System Logging Service.
Jul 31 01:48:22 testserver rsyslogd[1908]: imjournal: journal files changed, reloading... [v8.2102.0-13.el8 try https://www.rsyslog.com/e/0 ]
Jul 31 01:49:08 testserver kernel: Command line: BOOT_IMAGE=(hd0,msdos1)/vmlinuz-4.18.0-193.13.2.el8_2.x86_64
~~~
2. In RHEl7 "systemctl reboot" to reboot system. /var/log/messages will record system process normal stop procedure info and record system startup info. it is easy for us to detect the system is a graceful shutdown/reboot.
~~~
Aug 9 16:16:48 rhel7 systemd: Stopped Dump dmesg to /var/log/dmesg.
Aug 9 16:16:48 rhel7 systemd: Stopped target RPC Port Mapper.
Aug 9 16:16:48 rhel7 systemd: Stopped target Timers.
Aug 9 16:16:48 rhel7 systemd: Stopping RPC bind service...
Aug 9 16:16:48 rhel7 systemd: Stopped target Multi-User System.
Aug 9 16:16:48 rhel7 systemd: Stopping OpenSSH server daemon...
Aug 9 16:16:48 rhel7 systemd: Stopped Resets System Activity Logs.
Aug 9 16:16:48 rhel7 systemd: Stopping Command Scheduler...
Aug 9 16:16:48 rhel7 systemd: Unmounting RPC Pipe File System...
Aug 9 16:16:48 rhel7 systemd: Stopping Authorization Manager...
Aug 9 16:16:48 rhel7 systemd: Stopped Daily Cleanup of Temporary Directories.
Aug 9 16:16:48 rhel7 systemd: Stopping LSB: Starts the Spacewalk Daemon...
Aug 9 16:16:48 rhel7 systemd: Removed slice system-selinux\x2dpolicy\x2dmigrate\x2dlocal\x2dchanges.slice.
Aug 9 16:16:48 rhel7 systemd: Stopping Enable periodic update of entitlement certificates....
Aug 9 16:16:48 rhel7 systemd: Stopping irqbalance daemon...
...
Aug 9 16:17:19 rhel7 kernel: Linux version 3.10.0-1160.95.1.el7.x86_64 (mockbuild@x86-vm-39.build.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) ) #1 SMP Fri Jun 23 08:44:55 EDT 2023
~~~
Actual results:
In RHEL8, no graceful shutdown/reboot info in messages
Expected results:
messages record graceful shutdown/reboot info such as the previous rhel7
Additional info:
However, In RHEL8 we can use below workaround to fix it
Configuring the journal to be permanently saved in a file, the messages log can normally record the shutdown/reboot info.
~~~
- mkdir -p /var/log/journal
- systemctl restart systemd-journald.service
- systemctl reboot
~~~
Then from message, we know it is a graceful shutdown/reboot
~~~
Jul 31 01:30:23 testserver systemd-logind[974]: System is rebooting.
…
Jul 31 01:30:23 testserver sssd[nss][963]: Shutting down
…
Jul 31 01:30:23 testserver NetworkManager[987]: <info> [1690781423.5682] caught SIGTERM, shutting down normally.
…
Jul 31 01:30:24 testserver systemd[1]: Shutting down.
~~~
