> There also apepars to be a bug in syslog. If you do something like: > > grep -v "ROOT" messages > mmm; mv mmm messages > > Logging is disabled, I suspect this problem is that the file pointer > maintained by syslog is getting ahead of the physical EOF, and thus > writes will fail, but this is just a guess, and I havent looked at the > source to linux's syslog. You have to HUP syslogd after doing such things on most syslogd's. syslog usually opens all logs when it starts up and reads the config file. When you HUP the daemon it rereads the config file and reopens the log files. Explanation (you probably know this but I'll be complete): When you remove a file it doesnt go away unless there are no links left to it and no processes have the file open. If syslog still has the file open the file is unlinked from the directory but still exists on disk. Syslog keeps logging to the now invisible file. The new file you make has a new inode number and refers to a completely different file. When you HUP syslogd it closes the old file (making it get deleted from the disk for real) and opens the new file and starts logging normally again.