HPE Community
Operating System - HP-UX
1752701 Members
6234 Online
108789 Solutions
New Discussion юеВ

Re: Empty /var/adm/messages

 
SOLVED
Go to solution
Raynald Boucher
Super Advisor

тАО05-19-2009 10:05 AM

тАО05-19-2009 10:05 AM

Empty /var/adm/messages

I have a development server with an empty /var/adm/messages file.
Last reboot was May 7th after installation of security patches.
The following shows the setup.
What am I missing?

# ll /var/adm/messages
-rw-r--r-- 1 root root 0 May 7 17:19 /var/adm/messages
# ps -ef | grep cron
root 1909 1 0 May 7 ? 2:36 /usr/sbin/cron

# crontab -l | grep dmesg
# dmesg saving
06,11,16,21,26,31,36,41,46,51,56 * * * * /usr/sbin/dmesg - | grep -v "ATI Radeon
" | grep -v "`date '+%b %e'`" >> /var/adm/messages

# ll /usr/sbin/dmesg
lrwxr-xr-x 1 root root 11 May 23 2005 /usr/sbin/dmesg -> /sbin/dmesg
# ll /sbin/dmesg
-r-xr-xr-x 1 bin bin 212992 Nov 14 2000 /sbin/dmesg
#

Thank
RayB
0 Kudos
13 REPLIES 13
James R. Ferguson
Acclaimed Contributor

тАО05-19-2009 10:14 AM

тАО05-19-2009 10:14 AM

Re: Empty /var/adm/messages

Hi Raynald:

I think you meant to post this in the Linux forum family.

That aside, one way to see this behavior is to have renamed (via 'mv' instead of 'cp') the original '/var/adm/messages' (perhaps to empty it) and then created a new one (perhaps with 'touch'). Then, if the 'syslog' daemon wasn't restarted, it will continue to use the renamed file since this is the file to which it points.

Regards!

...JRF...
0 Kudos
Dennis Handly
Acclaimed Contributor

тАО05-19-2009 10:20 AM

тАО05-19-2009 10:20 AM

Solution

Re: Empty /var/adm/messages

>... | grep -v "`date '+%b %e'`"

Won't this exclude today's (all) messages?
0 Kudos
Raynald Boucher
Super Advisor

тАО05-19-2009 10:39 AM

тАО05-19-2009 10:39 AM

Re: Empty /var/adm/messages

Sorry James,
this is for an HP rp3440 running hp-ux 11.11.

and syslogd is running:
# ps -ef | grep syslog
root 802 1 0 May 7 ? 0:01 /usr/sbin/syslogd -D
#

I was thinking the --- | grep -v "`date '+%b %e'`" --- was erasing everything but it works as in
# echo "`date '+%b %e'`"
May 19
#

RayB
0 Kudos
Jeff_Traigle
Honored Contributor

тАО05-19-2009 10:45 AM

тАО05-19-2009 10:45 AM

Re: Empty /var/adm/messages

Do you have a process that rotates the syslog file? If so, it may not be issuing a 'kill -HUP' to the syslogd so it writes to the new file instead of the old one.
--
Jeff Traigle
0 Kudos
Raynald Boucher
Super Advisor

тАО05-19-2009 10:47 AM

тАО05-19-2009 10:47 AM

Re: Empty /var/adm/messages

Denis,

You are right.
Erasing the "ATI Radeon ..." messages leaves a lonely timestamp that trips the automatic log monitor. This grep -v removes it.

The file should at least contain the log of the last boot event if the date has been erased... no?

Rayb
0 Kudos
smatador
Honored Contributor

тАО05-19-2009 10:59 AM

тАО05-19-2009 10:59 AM

Re: Empty /var/adm/messages

Hi,
I don't have now an access to a linux...but
to troubleshoot, first I suggest you to test without the grep -v "`date '+%b %e'`". If it's ok, that's mean your crontab don't like this.
Also, try to made the command with the full path of grep and date.
first
06,11,16,21,26,31,36,41,46,51,56 * * * * /usr/sbin/dmesg - | /bin/grep -v "ATI Radeon"
if it's ok, let's try
06,11,16,21,26,31,36,41,46,51,56 * * * * /usr/sbin/dmesg - | /bin/grep -v "ATI Radeon" | /bin/grep -v "`/usr/bin/date '+%b %e'`" >> /var/adm/messages
Hope it helps
0 Kudos
Raynald Boucher
Super Advisor

тАО05-19-2009 11:37 AM

тАО05-19-2009 11:37 AM

Re: Empty /var/adm/messages

Syslog was aged by last boot:
# ll /var/adm/syslog/
total 34624
-rw-r----- 1 root sys 207 Aug 29 2007 @!
-rw-r--r-- 1 root sys 2681070 May 7 17:14 OLDsyslog.log
-r--r--r-- 1 root root 11875300 May 19 14:05 mail.log
-rw-r--r-- 1 root root 1438575 May 19 16:17 syslog.log
#

I have tried dmesg | grep -v "May 19" and it returms the boot log minus the timestamp so that works.

so it looks like "dmesg -" fails.
Does anyone know where dmesg keeps it's pointers for the "-" option?
Or how I can modify/refresh the system error message buffer so I can test this?

RayB
0 Kudos
James R. Ferguson
Acclaimed Contributor

тАО05-19-2009 11:53 AM

тАО05-19-2009 11:53 AM

Re: Empty /var/adm/messages

Hi Ray:

> Does anyone know where dmesg keeps it's pointers for the "-" option? Or how I can modify/refresh the system error message buffer so I can test this?

I suspect that the kernel knows :-)

To refresh you could deliberately fill up a filesystem and attempt further writes to it. This will be logged in 'dmesg' and you can then retest 'dmesg -'. See the manpages:

http://docs.hp.com/en/B2355-60130/dmesg.1M.html

By the way: '/var/log/messages' while referenced in the 'dmesg' manpages example is the Linux equavlient of '/var/adm/syslog/syslog.log'. Hence the reason for the confusion of Linux vs. HP-ux.

Regards!

...JRF...
0 Kudos
Dennis Handly
Acclaimed Contributor

тАО05-19-2009 03:07 PM

тАО05-19-2009 03:07 PM

Re: Empty /var/adm/messages

>ME: Won't this exclude today's (all) messages?

I guess not. This is just an extra line, in between each output. You may want to add a "^" so it only removes it from the start of each line. And you can combine the two greps:
grep -v -e "ATI Radeon" -e "^$(date '+%b %e')"

>The file should at least contain the log of the last boot event if the date has been erased?

It should since you append. But last(1) or /etc/rc.log have that.

>Does anyone know where dmesg keeps it's pointers for the "-" option?

As documented under dmesg(1M): /var/adm/msgbuf

>JRF: I suspect that the kernel knows :-)

It appears the kernel knows nothing about dmesg(1M).

>smatador: try to made the command with the full path of grep and date.

No need since these are both in cron's PATH.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.