HPE Community
Operating System - HP-UX
1755702 Members
2973 Online
108837 Solutions
New Discussion юеВ

rolling syslog file over

 
SOLVED
Go to solution
Fred Martin_1
Valued Contributor

тАО11-16-2001 06:57 AM

тАО11-16-2001 06:57 AM

rolling syslog file over

I'd like to have the crontab, daily or maybe weekly, roll over the syslog into storage files, something like:

/var/adm/syslog/syslog.log

/dump/syslog/syslog.10162001
/dump/syslog/syslog.10172001
/dump/syslog/syslog.10182001

I can handle the scripting OK, I figured I'd just copy out the current syslog, then do something like:

>/var/adm/syslog/syslog.log

To clear the current log. It occurs to me though that this is not the proper way - do I need to start/stop daemons, or anything like that? Is my approach too simple?

And - would the same hold true for mail logs, su logs, wtmp and btmp?
fmartin@applicatorssales.com
0 Kudos
Reply
6 REPLIES 6
Sanjay_6
Honored Contributor

тАО11-16-2001 07:00 AM

тАО11-16-2001 07:00 AM

Solution

Re: rolling syslog file over

Hi Fred,

No i don't think you have to start / stop the daemon. Just roll over the file and do a "cat /dev/null > /var/adm/syslog/syslog.log" . The system can start updating the file again.

Hope this helps.

Regds
Reply
Mike Hassell
Respected Contributor

тАО11-16-2001 07:05 AM

тАО11-16-2001 07:05 AM

Re: rolling syslog file over

Fred,

Please see the attached shell script for examples of how this can be accomplished. I downloaded this script from HP awhile back and I don't remember the site off the top of my head, but the attached script hasn't been edited. I think it will meet your needs.

-Mike
The network is the computer, yeah I stole it from Sun, so what?
Reply
Roger Baptiste
Honored Contributor

тАО11-16-2001 07:08 AM

тАО11-16-2001 07:08 AM

Re: rolling syslog file over

<<>/var/adm/syslog/syslog.log
To clear the current log. It occurs to me though that this is not the proper way >>

It is the correct way. The inode number remains the same , so the syslogd file should not have any problem in writing to the file.


<>

No need to restart the daemons. The simple way works ;-)

<>

Yes, the same holds true. But, i would not suggest you to Zero out the wtmp and btmp files. If you do that, the last and lastb commands will not show the old login information.

Just curious, why do you want to copy the syslog file daily?? Is it because of lack of space in /var filesystem?? If you are doing system backup daily, the syslog file would be copied as a part of the backup.

HTH
raj
Take it easy.
Reply
Darrell Allen
Honored Contributor

тАО11-16-2001 07:14 AM

тАО11-16-2001 07:14 AM

Re: rolling syslog file over

Hey Fred,

That will work, just realize there is a slight possibility that something could get written to the syslog between the copy and "zapping".

Redirecting "nothing" as you show is fine. Removing and recreating syslog without stopping daemons is not.

You can also use SAM to trim the log but then you won't have the historical copies.

You may also want to set an rc file to make a copy of OLDsyslog.log at every boot. I've had a number of times this file was lost because of back to back boots. Bummer.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Reply
Steven Gillard_2
Honored Contributor

тАО11-16-2001 07:15 AM

тАО11-16-2001 07:15 AM

Re: rolling syslog file over

The best way is to simply move the file aside with the mv command, then send syslogd a SIGHUP. It will then create a new syslog.log file and start writing to that. This way you won't lose any messages.

Cheers,
Steve
Reply
Fred Martin_1
Valued Contributor

тАО11-16-2001 07:31 AM

тАО11-16-2001 07:31 AM

Re: rolling syslog file over

Thank you all, I'm on my way.

Darrell, I had considered the idea that the file may be written to; I'm liking the SIGHUP idea as a way to prevent that.

Agreed, I don't think I'll move wtmp or btmp until they hit some size limit or have been reviewed for security. That data is good to have online.

To answer why am I doing this - yes primarily disk space.

Perhaps monthly copying the file out would be sufficient, I hadn't figured out that part yet.
fmartin@applicatorssales.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.