I noticed the other day that my Archlinux logs were all zero bytes. Empty logs don’t do much good, so I spent a while trolling around the internets and had a difficult time finding anything valuable.
I did find one valuable thing in my boot log at
Starting Syslog-NG [BUSY] Error binding socket; addr='AF_UNIX(/run/systemd/journal/syslog)', error='No such file or directory (2)'
Which was enough to lead me to this post, https://bbs.archlinux.org/viewtopic.php?id=151132 (which had an unrelated title). The solutioon is to update
/etc/syslog-ng/syslog-ng.conf and change the line that sets unix-dgram to read
unix-dgram("/dev/log");, and then restart (or start, since it probably never started in the first place) syslog-ng with
rc.d start syslog-ng. If you log out and log back in after that, you should see at the very least
auth.log will have content.
Of note, I also had a permissions problem with a lot of the log files, so I had to do a quick
chmod --recursive g+w /var/log/* to give the log group permissions to write to the logs.