HPE Community
Operating System - HP-UX
1753706 Members
4798 Online
108799 Solutions
New Discussion юеВ

Re: Syslog purging

 
SOLVED
Go to solution
Jeeshan
Honored Contributor

тАО05-03-2009 09:33 PM

тАО05-03-2009 09:33 PM

Syslog purging

Hi all

My syslog file is too large. I want to copy the lines by date wise like "Apr 1 to May 4".

Please suggest me.
a warrior never quits
0 Kudos
7 REPLIES 7
Dennis Handly
Acclaimed Contributor

тАО05-03-2009 10:57 PM

тАО05-03-2009 10:57 PM

Solution

Re: Syslog purging

You could do it manually in vi(1).
Or you could use sed:
sed -e '/Apr 1/,$p/' syslog.log > syslog.latest

You'll need to find the exact format for Apr 1 from the syslog file.
0 Kudos
Suraj K Sankari
Honored Contributor

тАО05-04-2009 12:23 AM

тАО05-04-2009 12:23 AM

Re: Syslog purging

Hi,
just copy the file into other name
#cd /var/adm/syslog
#cp syslog.log syslog.old
vi syslog.old
go to the desire line
press Esc :,$d
it will remove all below lines from the cursor position.

Suraj
0 Kudos
James R. Ferguson
Acclaimed Contributor

тАО05-04-2009 03:08 AM

тАО05-04-2009 03:08 AM

Re: Syslog purging

HI:

> I want to copy the lines by date wise like "Apr 1 to May 4".

This suggests that these are the lines you actually want to _preserve_ in your 'syslog'.

You could simply 'vi' the current '/var/adm/syslog/syslog.log' deleting everything before this range begins.

You could, as Dennis suggested, use something like 'sed' to match and print lines in that region to a new file.

If you chose to redirect output to a new file, like 'syslog.latest' or 'syslog.new' and then wish to _replace_ the contents of the "real" syslog file with it:

Do _NOT_ use 'mv' to replace the old file with the new file. Instead, use 'cp' to keep the current file associated with the current 'syslogd' process. If you erroneously 'mv' a new file over the old one, you will find that further logging will not occur until you restart the 'syslogd' daemon.

If you examine the "start" action of '/sbin/init.d/syslogd' you will see that a restart of the 'syslogd' daemon is made following a 'mv' [rename] of the current 'syslog' to 'OLDsyslog'.

Regards!

...JRF...


0 Kudos
Jeeshan
Honored Contributor

тАО05-04-2009 03:27 AM

тАО05-04-2009 03:27 AM

Re: Syslog purging

thnx all
a warrior never quits
0 Kudos
Dennis Handly
Acclaimed Contributor

тАО05-04-2009 06:36 PM

тАО05-04-2009 06:36 PM

Re: Syslog purging

>sed -e '/Apr 1/,$p/' syslog.log > syslog.latest
>ME: You'll need to find the exact format for Apr 1 from the syslog file.

Oops, slight problem, that should have a -n!

In mine, there is one space after the month and for one digit dates, there is an extra space.

I assume you don't have to worry about no syslog entries for Apr 1? ;-)

For partial months, you could use:
sed -n -e '/^Apr /,$p/' syslog.log

This picks the first entry for April, even if you rebooted on Apr 15.
0 Kudos
Dennis Handly
Acclaimed Contributor

тАО05-04-2009 06:39 PM

тАО05-04-2009 06:39 PM

Re: Syslog purging

Oops another typo: sed -n -e '/^Apr /,$p' syslog.log
0 Kudos
Jeeshan
Honored Contributor

тАО05-04-2009 08:32 PM

тАО05-04-2009 08:32 PM

Re: Syslog purging

thnx Denis
a warrior never quits
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.