syslog

Syslog is not being written to, anyone ever experience this?

Bounce the daemon.

Hmm, well I stopped and restarted with the rc2.d scripts, and it still is not writing to syslog.

What's not writing to syslog? What facility do you have pointing to syslog? Has something changed recently? If you have a facility that's supposed to write to syslog, what happens when you run the logger command and send a message to syslogd?

Carl

Let me add to BOFH's reply... any changes to syslog.conf?

I have experienced syslog refusing to accept logs. But only on a syslog dedicated server. One where the syslogs of all the other servers are being sent. Since syslog is a udp service, it will drop data if it's coming too fast. Plus Solaris had a problem back in 2.5 or 2.5.1 where syslog would bail with door errors (it'd stay running but if you looked at the running process, you'd see door commands and then waiting). The solution was to apply a syslog patch that became available after some complaining :)

Oh and killing the daemon didn't fix it. You had to kill the daemon and delete the syslog.pid file or it'd stay lost.

Carl

Well, I'm assuming the syslog daemon writes to syslog... I don't think syslog messages are being sent elsewhere, let me verify...

Well, it looks like my /etc/hosts is different than the box that is working. I didn't clarify myself earlier: basically mail messages are not being sent to /var/log/syslog... it's a zero length file. On the box that is not working, loghost is not on the same line as the hostname of the machine. Which I think I did, because I believe this leaves you open to a denial of service attack. I thought this allowed you to be a syslog server, and thus other machines could send you syslog messages... so in order to resolve this, could I take out the loghost reference in /etc/syslog.conf?

mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)

Yes, you can just put them in the same format as any of the other things that go directly to files.

Do you have a loghost defined in /etc/inet/hosts? If so does it have the same ip as the line with hostname? If you answered yes to both then it should be working.

No, I don't have loghost defined in /etc/inet/hosts... I read that leaves you open to a DoS attack.... I thought if you didn't have a loghost defined, it would write to the local host....

So I believe if I take the loghost entry out of /etc/hosts and then alter the mail line in syslog.conf to look like this... I should be OK

mail.debug /var/log/syslog

Anyone think this is a bad idea?

Actually I meant what program are you expecting to write to /var/log/syslog (I got it with a followup message).

Carl

What's in your /etc/inet/hosts file shouldn't affect inbound connections. If syslog is running then you're listening on udp 601. Do a netstat -a | grep syslog and you'll likely see a syslog udp service (or grep for 601). If you define loghost on one system as any other system that's running syslogd and nothing's blocking access, you'll log info to that server (also assuming the facility is set up to log the incoming logs of course).

And yea, as long as you're not sending info to another server, it should log locally.

Carl

I know that on some syslog implementations you can use spaces to separate the facility from the log. On Solaris (at least Solaris 6, which was the last time I worked with a syslog dedicated server), you must have only tabs between the facility and the log file name.

I just checked OS X, Mandrake Linux and OpenBSD and all use tabs.

Make sure the file exists before you restart syslog (yea I saw your earlier post that said it was zero bytes, just a note for the folks at home :) ).

Again, you might try using logger:

logger -p mail.debug -t testing "Testing to see if syslog is really working."

If you have an existing entry, you can replace mail.debug with one of those facilities and check that log. Basically make sure syslog itself is working so you know what you're trying to fix. Perhaps your mail program isn't configured to log to mail.debug (need to increase a debug level for example).

Carl
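
Added example, not part of the thread: a small shell lint for a Solaris-style syslog.conf that flags the problems discussed above (spaces instead of tabs before the log file, the m4 `LOGHOST` conditional that silently forwards to `@loghost`, plain forwarding, and a log file that does not exist yet). The function names, finding codes and the optional ROOT argument are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: lint a Solaris-style syslog.conf for the issues raised in the thread.
# Function names, finding codes and the ROOT argument are hypothetical.

# lint_syslog_conf CONF [ROOT]
# Prints one "line:CODE:detail" finding per problem. ROOT is prefixed to log
# file paths before the existence check (lets you lint a copied config tree).
lint_syslog_conf() {
    conf=$1 root=${2:-} n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        selector=${line%%[[:space:]]*}      # facility.level list
        [ -n "$selector" ] || continue      # whitespace-only or indented line
        rest=${line#"$selector"}
        sep=${rest%%[![:space:]]*}          # whitespace between selector and action
        action=${rest#"$sep"}
        # The thread's point: Solaris wants tabs only between selector and action.
        case $sep in *' '*) printf '%s\n' "$n:SPACE_SEPARATOR:$selector" ;; esac
        case $action in
            '') printf '%s\n' "$n:NO_ACTION:$selector" ;;
            # Solaris syslogd preprocesses with m4 and defines LOGHOST only when
            # this host is the loghost; otherwise the @loghost branch is used
            # and nothing reaches the local file.
            ifdef*@*) printf '%s\n' "$n:LOGHOST_CONDITIONAL:$action" ;;
            @*) printf '%s\n' "$n:FORWARD:$action" ;;
            /*) [ -f "$root$action" ] || printf '%s\n' "$n:MISSING_FILE:$action" ;;
        esac
    done < "$conf"
    return 0
}

# Constructed sample input (not the poster's real file).
write_sample_conf() {
    {
        printf '# constructed sample syslog.conf\n'
        printf "mail.debug\t\tifdef(\`LOGHOST', /var/log/syslog, @loghost)\n"
        printf 'mail.debug /var/log/syslog\n'
        printf 'auth.notice\t@loghost\n'
        printf 'local0.info\t/var/log/local0\n'
    } > "$1"
}

if [ $# -gt 0 ]; then lint_syslog_conf "$@"; fi
```

Run it as `sh lint.sh /etc/syslog.conf`; a clean file produces no output, and a `LOGHOST_CONDITIONAL` finding is the cue to check how loghost resolves in the hosts file.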