- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: syslog.log disappears
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-25-2001 05:16 AM
тАО10-25-2001 05:16 AM
syslog.log disappears
John
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-25-2001 05:22 AM
тАО10-25-2001 05:22 AM
Re: syslog.log disappears
Have you checked your root crontab? You may have a log cleanup script running somewhere that has an error in it. Remember never to move a file which is open by a process. It instead needs to be zero'd by cat /dev/null > file.
You could also try restarting syslogd
/sbin/init.d/syslogd stop
/sbin/init.d/syslogd start
Cheers,
James
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-25-2001 05:27 AM
тАО10-25-2001 05:27 AM
Re: syslog.log disappears
you have to create an empty syslog-file. Otherwise it wouldn't be automatically created. Test with:
touch /var/adm/syslog/syslog.log
Also have a look at your /etc/syslog.conf. It must not have any blanks. Only
Frank
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-25-2001 05:33 AM
тАО10-25-2001 05:33 AM
Re: syslog.log disappears
I do not have a clean up script in cron. After I've discovered that my syslog.log file is gone, what I do is stop syslogd and touch syslog.log. I make sure that the file has the same permissions as other syslog.log files on my other systems. It will hang around for a few days or a week then dissappear again.
John
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-25-2001 05:43 AM
тАО10-25-2001 05:43 AM
Re: syslog.log disappears
What you do to find this depends on how your system is set up. When you touch it, ensure it's chmod 644 and chown root:sys. That'll make sure only root can remove it. You could install tripwire (http://www.tripwire.com/downloads/tripwire_asr) and fine out when it disappears, and if it's a user who does it. You could write a cron job to check if it's there, then send a bit of it to you:
if [ -f /var/adm/syslog/syslog.log ] ; then
tail /var/adm/syslog/syslog.log | mail you@yourdomain
else
echo "syslog is gone!" | mail you@yourdomain
...anything else...
fi
Once you find out when it disappears, you can check the sulog and lastlog to see who's logged in at the time. These logs aren't disappearing too are they?
You might also want to check out the syslogd patches out there and see if this has occurred as a bug.
Cheers,
James
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-25-2001 05:43 AM
тАО10-25-2001 05:43 AM
Re: syslog.log disappears
I checked my syslog.conf file and it did have spaces. I've replaced them w/ TABs. I'll see if that does the trick.
Thanks,
John
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-25-2001 05:55 AM
тАО10-25-2001 05:55 AM
Re: syslog.log disappears
Sounds like it is being removed on purpose by someone.
I would probably set up another job that does a
tail -f /var/adm/syslog.log > myfile
at least this way you get to see what was in the file that dissapeared.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-25-2001 06:02 AM
тАО10-25-2001 06:02 AM
Re: syslog.log disappears
tail -5 /var/adm/syslog.log >> myfile
you could still do the
tail -f /var/adm/syslog.log > myfile
as an additional check I would also check to see who may have root uid or passwd, or better yet, change the root passwd NOW!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-25-2001 06:18 AM
тАО10-25-2001 06:18 AM