[Eisfair] Syslogd verhält sich merkwürdig

Sascha Pohl sascha at pohl-bo.de
Mi Mai 12 01:06:31 CEST 2021 

Hallo zusammen,

seit einiger Zeit (ich kann leider nicht nachvollziehen wie lange) 
verhält sich syslogd auf meinem Eisfair-Server etwas merkwürdig.
Es handelt sich um einen Eis64 als VM unter Proxmox.
Nachdem /var/log/messages rotiert wurde (bei mir täglich) werden alte 
Einträge, die vom Kernel kommen, wieder in das neue Logfile eingefügt.
Zur Zeit befindet sich in der Datei folgender Inhalt:

May 12 00:00:00 eis syslogd[4983]: syslogd v2.2.2: restart.
May 11 21:58:12 eis kernel: Linux version 5.10.31-eisfair-64-VIRT 
(root at basebox64) (gcc (eisfair Linux) 9.3.1 20200406 [revision 
6db837a5288ee3ca5ec504fbd5a765817e556ac2], GNU ld (GNU Binutils; 
eisfair-64) 2.33.1.20191023-3) #1 SMP Wed May 5 20:29:40 CEST 2021
May 11 21:58:12 eis kernel: Command line: BOOT_IMAGE=../kernel 
root=UUID=1e4c395e-e44a-49dd-babf-d93180ea8cee raid=noautodetect 
consoleblank=600 initrd=../initrd.gz
May 11 21:58:12 eis kernel: KERNEL supported cpus:
May 11 21:58:12 eis kernel:   Intel GenuineIntel
May 11 21:58:12 eis kernel:   AMD AuthenticAMD
May 11 21:58:12 eis kernel:   Hygon HygonGenuine
May 11 21:58:12 eis kernel:   Centaur CentaurHauls
May 11 21:58:12 eis kernel:   zhaoxin   Shanghai
May 11 21:58:12 eis kernel: x86/fpu: x87 FPU will use FXSAVE
May 11 21:58:12 eis kernel: BIOS-provided physical RAM map:
May 11 21:58:12 eis kernel: BIOS-e820: [mem 
0x0000000000000000-0x000000000009fbff] usable
...
May 11 21:58:33 eis kernel: EXT4-fs (sda3): re-mounted. Opts: 
errors=remount-ro
May 11 21:58:33 eis last message buffered 1 times
May 11 21:58:34 eis kernel: EXT4-fs (sda1): mounted filesystem with 
ordered data mode. Opts: errors=remount-ro
May 11 21:58:34 eis kernel: ext4 filesystem being mounted at /boot 
supports timestamps until 2038 (0x7fffffff)
May 11 21:58:37 eis kernel: RPC: Registered named UNIX socket transport 
module.
May 11 21:58:37 eis kernel: RPC: Registered udp transport module.
May 11 21:58:37 eis kernel: RPC: Registered tcp transport module.
May 11 21:58:37 eis kernel: RPC: Registered tcp NFSv4.1 backchannel 
transport module.
May 11 21:58:37 eis kernel: FS-Cache: Loaded
May 11 21:58:37 eis kernel: FS-Cache: Netfs 'nfs' registered for caching
May 11 21:58:38 eis kernel: Installing knfsd (copyright (C) 1996 
okir at monad.swb.de).
May 11 21:58:38 eis kernel: NET: Registered protocol family 10
May 11 21:58:38 eis kernel: Segment Routing with IPv6
May 11 21:58:38 eis kernel: RPL Segment Routing with IPv6
May 11 21:58:38 eis kernel: NFS: Registering the id_resolver key type
May 11 21:58:38 eis kernel: Key type id_resolver registered
May 11 21:58:38 eis kernel: Key type id_legacy registered
May 11 21:58:39 eis kernel: mount.nfs4 (5490) used greatest stack depth: 
11432 bytes left
May 11 21:58:39 eis kernel: mount.nfs4 (5533) used greatest stack depth: 
11336 bytes left
May 12 00:12:37 eis sshd[10518]: Accepted keyboard-interactive/pam for 
root from 192.168.10.66 port 50718 ssh2
May 12 00:12:37 eis sshd[10518]: pam_unix(sshd:session): session opened 
for user root(uid=0) by (uid=0)
May 12 00:12:37 eis sshd[10529]: Accepted password for root from 
192.168.10.66 port 50719 ssh2
May 12 00:12:37 eis sshd[10529]: pam_unix(sshd:session): session opened 
for user root(uid=0) by (uid=0)
May 12 00:16:45 eis su: pam_unix(su-l:session): session closed for user spam
May 12 00:21:46 eis sshd[10518]: pam_unix(sshd:session): session closed 
for user root
May 12 00:21:46 eis sshd[10529]: pam_unix(sshd:session): session closed 
for user root
May 12 00:25:00 eis su: (to root) root on none
May 12 00:25:00 eis su: pam_unix(su:session): session opened for user 
root(uid=0) by (uid=0)
May 12 00:25:02 eis su: pam_unix(su:session): session closed for user root
May 12 00:49:50 eis sshd[25917]: Accepted keyboard-interactive/pam for 
root from 192.168.10.66 port 50954 ssh2
May 12 00:49:50 eis sshd[25917]: pam_unix(sshd:session): session opened 
for user root(uid=0) by (uid=0)
May 12 00:49:50 eis sshd[25928]: Accepted password for root from 
192.168.10.66 port 50955 ssh2
May 12 00:49:50 eis sshd[25928]: pam_unix(sshd:session): session opened 
for user root(uid=0) by (uid=0)
May 12 00:50:20 eis sshd[27587]: Accepted password for root from 
192.168.10.66 port 50957 ssh2
May 12 00:50:20 eis sshd[27587]: pam_unix(sshd:session): session opened 
for user root(uid=0) by (uid=0)

Am 11.05.2021 gegen 21:58 Uhr hat der letzte Neustart stattgefunden.
Warum hat syslogd diese Zeilen wieder in die neue Datei geschrieben?
Dieses Verhalten beobachte ich seit einiger Zeit.
Leider habe ich nicht genug Logdateien abgespeichert, sodass ich nicht 
feststellen kann, seit wann genau es sich so verhält.

Die Konfiguration für syslog sieht so aus:

START_SYSLOGD='yes'
SYSLOGD_DEST_N='4'
SYSLOGD_DEST_1_NAME=''
SYSLOGD_DEST_1_ACTIVE='yes'
SYSLOGD_DEST_1_SOURCE_N='4'
SYSLOGD_DEST_1_SOURCE_1_NAME='alles in messages'
SYSLOGD_DEST_1_SOURCE_1_ACTIVE='yes'
SYSLOGD_DEST_1_SOURCE_1='*.*'
SYSLOGD_DEST_1_SOURCE_2_NAME='antispam not in messages'
SYSLOGD_DEST_1_SOURCE_2_ACTIVE='yes'
SYSLOGD_DEST_1_SOURCE_2='local7.none'
SYSLOGD_DEST_1_SOURCE_3_NAME='cron not in messages'
SYSLOGD_DEST_1_SOURCE_3_ACTIVE='yes'
SYSLOGD_DEST_1_SOURCE_3='cron.none'
SYSLOGD_DEST_1_SOURCE_4_NAME='eis-install not in messages'
SYSLOGD_DEST_1_SOURCE_4_ACTIVE='yes'
SYSLOGD_DEST_1_SOURCE_4='local5.!=info'
SYSLOGD_DEST_1_TARGET='/var/log/messages'
SYSLOGD_DEST_1_PREROTATE_CMD=''
SYSLOGD_DEST_1_POSTROTATE_CMD='/etc/init.d/syslogd --quiet restart'
SYSLOGD_DEST_2_NAME='antispam'
SYSLOGD_DEST_2_ACTIVE='yes'
SYSLOGD_DEST_2_SOURCE_N='1'
SYSLOGD_DEST_2_SOURCE_1_NAME='antispam'
SYSLOGD_DEST_2_SOURCE_1_ACTIVE='yes'
SYSLOGD_DEST_2_SOURCE_1='local7.*'
SYSLOGD_DEST_2_TARGET='/var/log/antispam.log'
SYSLOGD_DEST_2_PREROTATE_CMD=''
SYSLOGD_DEST_2_POSTROTATE_CMD='/etc/init.d/antispam -quiet restart'
SYSLOGD_DEST_3_NAME='cron'
SYSLOGD_DEST_3_ACTIVE='yes'
SYSLOGD_DEST_3_SOURCE_N='1'
SYSLOGD_DEST_3_SOURCE_1_NAME='cron'
SYSLOGD_DEST_3_SOURCE_1_ACTIVE='yes'
SYSLOGD_DEST_3_SOURCE_1='cron.*'
SYSLOGD_DEST_3_TARGET='/var/log/cron.log'
SYSLOGD_DEST_3_PREROTATE_CMD=''
SYSLOGD_DEST_3_POSTROTATE_CMD=''
SYSLOGD_DEST_4_NAME='eis-install'
SYSLOGD_DEST_4_ACTIVE='yes'
SYSLOGD_DEST_4_SOURCE_N='1'
SYSLOGD_DEST_4_SOURCE_1_NAME='eis-install'
SYSLOGD_DEST_4_SOURCE_1_ACTIVE='yes'
SYSLOGD_DEST_4_SOURCE_1='local5.=info'
SYSLOGD_DEST_4_TARGET='/var/log/eis-install.log'
SYSLOGD_DEST_4_PREROTATE_CMD=''
SYSLOGD_DEST_4_POSTROTATE_CMD=''
SYSLOGD_MARK_INTERVAL='20'
SYSLOGD_LOG_COUNT='10'
SYSLOGD_LOG_INTERVAL='daily'
SYSLOGD_OPTIONS=''

Daran habe ich aber die ganze Zeit nichts verändert.

Hat jemand eine Idee, woran das liegen könnte?

Grüße
Sascha

Mehr Informationen über die Mailingliste Eisfair