General
cancel
Showing results for 
Search instead for 
Did you mean: 

How to trim the logfiles with active process writing to?

Aldis Black
Advisor

How to trim the logfiles with active process writing to?

Hi all, I am trying to zero the size of long running session logs from rootsh, but it seems to be impossible untill the process is active. I tried to run cat /dev/null > but the logsize remains unchanged. Any ideas on how to deal with this?

Thanks, Aldis
13 REPLIES
R.K. #
Honored Contributor

Re: How to trim the logfiles with active process writing to?

Hi..

How about using only the ">" symbol.
Eg.
# > /var/adm/syslog/syslog.log
Don't fix that what ain't broke
Aldis Black
Advisor

Re: How to trim the logfiles with active process writing to?

Nope. Still the same.
Prashantj
Valued Contributor

Re: How to trim the logfiles with active process writing to?

Hi Aldis,

#!/bin/sh
export today=`date -u +%b%d`
cd /var/adm/syslog
#
cat syslog.log |grep Logging |mailx -s "trim syslog" root
# Copy active file to old directory
cat syslog.log >./old.syslog/$today.syslog
cat mail.log >./old.maillog/$today.maillog
# Initialize active file
>syslog.log
>mail.log
# Delete file(s) older than 120 days from old directory
find /var/adm/syslog/old.syslog/ -mtime +120 -exec rm {} \;
find /var/adm/syslog/old.maillog/ -mtime +120 -exec rm {} \;

Hope this will help you.

Prashant
Good judgment comes from experience and experience comes from bad judgment.
Aldis Black
Advisor

Re: How to trim the logfiles with active process writing to?

Hi Prashant, Unfortunately it doesn't help as the commands used in the script (>logfile) seem to be not working on my logs as discussed above.
R.K. #
Honored Contributor

Re: How to trim the logfiles with active process writing to?

Hi Again,

Try copying /dev/null over the log file. Also see if you can find any option in sam.

Refer:
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1033864




Don't fix that what ain't broke
Prashantj
Valued Contributor

Re: How to trim the logfiles with active process writing to?

Hi Aldis,

Can u share the output of below commands

1)pwd ( where '>'not working )
2)echo $SHELL
3)ll /var/adm/syslog/syslog.log
4)id
5)check bdf output, if any filsystem reach 99%


Prashant
Good judgment comes from experience and experience comes from bad judgment.
Aldis Black
Advisor

Re: How to trim the logfiles with active process writing to?

Hi R.K. # ,

the cp /dev/null does not work here as well. Strange thing is that right after running any of the previously mentioned commands the filesize changes to zero bytes for a few seconds and then goes back to the previous value... any clue?
R.K. #
Honored Contributor

Re: How to trim the logfiles with active process writing to?

What is this log file actually related to?
Any application or OS?
Don't fix that what ain't broke
Dennis Handly
Acclaimed Contributor

Re: How to trim the logfiles with active process writing to?

>then goes back to the previous value... any clue?

If the writer is tracking where he thinks the file position is and writes to that position, you can't change that.
Aldis Black
Advisor

Re: How to trim the logfiles with active process writing to?

This are the logfiles of rootsh (keystroke logging tool). Looks like it is tracking the file indeed - just tried to move the logfile and it keeps writing to it anyway!
Still i need to find a way to trim those files as the users keep the sessions open for several days and the logfiles grow fast. Please advise!
James R. Ferguson
Acclaimed Contributor

Re: How to trim the logfiles with active process writing to?

Hi Aldis:

# > filename

or:

# cat /dev/null > filename

If no process is using the file, it will be reduced to a size of zero.

If a process is using the file, then this will return disk blocks to the system but will not change the length of the file that the process with the file open "sees". Rather the file will be sparse with nulls at its beginning. This is generally not an issue for log files.

Regards!

...JRF...
TTr
Honored Contributor

Re: How to trim the logfiles with active process writing to?

> just tried to move the logfile and it keeps writing to it anyway!

Does rootsh accept a HUP signal?

# mv logfile logfile-old
(the logfile-old is still open and written to)

# kill -HUP rootsh-PID
(The -HUP signal *might* make the rootsh start a new logfile under the original name)

Court Campbell
Honored Contributor

Re: How to trim the logfiles with active process writing to?

I have always been a fan of he truncate function in perl.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"