Empty /var/adm/messages

Raynald Boucher
Super Advisor

Empty /var/adm/messages

I have a development server with an empty /var/adm/messages file.
Last reboot was May 7th after installation of security patches.
The following shows the setup.
What am I missing?

# ll /var/adm/messages
-rw-r--r-- 1 root root 0 May 7 17:19 /var/adm/messages
# ps -ef | grep cron
root 1909 1 0 May 7 ? 2:36 /usr/sbin/cron

# crontab -l | grep dmesg
# dmesg saving
06,11,16,21,26,31,36,41,46,51,56 * * * * /usr/sbin/dmesg - | grep -v "ATI Radeon" | grep -v "`date '+%b %e'`" >> /var/adm/messages

# ll /usr/sbin/dmesg
lrwxr-xr-x 1 root root 11 May 23 2005 /usr/sbin/dmesg -> /sbin/dmesg
# ll /sbin/dmesg
-r-xr-xr-x 1 bin bin 212992 Nov 14 2000 /sbin/dmesg
#

Thanks
RayB
13 REPLIES
James R. Ferguson
Acclaimed Contributor

Re: Empty /var/adm/messages

Hi Raynald:

I think you meant to post this in the Linux forum family.

That aside, one way to see this behavior is to have renamed (via 'mv' instead of 'cp') the original '/var/adm/messages' (perhaps to empty it) and then created a new one (perhaps with 'touch'). Then, if the 'syslog' daemon wasn't restarted, it will continue to use the renamed file since this is the file to which it points.

Regards!

...JRF...
Solution

Re: Empty /var/adm/messages

>... | grep -v "`date '+%b %e'`"

Won't this exclude today's (all) messages?
Raynald Boucher
Super Advisor

Re: Empty /var/adm/messages

Sorry James,
this is for an HP rp3440 running hp-ux 11.11.

and syslogd is running:
# ps -ef | grep syslog
root 802 1 0 May 7 ? 0:01 /usr/sbin/syslogd -D
#

I was thinking the --- | grep -v "`date '+%b %e'`" --- was erasing everything but it works as in
# echo "`date '+%b %e'`"
May 19
#

RayB
Jeff_Traigle
Honored Contributor

Re: Empty /var/adm/messages

Do you have a process that rotates the syslog file? If so, it may not be issuing a 'kill -HUP' to the syslogd so it writes to the new file instead of the old one.
--
Jeff Traigle
Raynald Boucher
Super Advisor

Re: Empty /var/adm/messages

Denis,

You are right.
Erasing the "ATI Radeon ..." messages leaves a lonely timestamp that trips the automatic log monitor. This grep -v removes it.

The file should at least contain the log of the last boot event if the date has been erased... no?

Rayb
smatador
Honored Contributor

Re: Empty /var/adm/messages

Hi,
I don't have access to a Linux system right now... but
to troubleshoot, first I suggest you test without the grep -v "`date '+%b %e'`". If it's OK, that means your crontab doesn't like this.
Also, try to write the command with the full paths of grep and date.
first
06,11,16,21,26,31,36,41,46,51,56 * * * * /usr/sbin/dmesg - | /bin/grep -v "ATI Radeon"
if it's ok, let's try
06,11,16,21,26,31,36,41,46,51,56 * * * * /usr/sbin/dmesg - | /bin/grep -v "ATI Radeon" | /bin/grep -v "`/usr/bin/date '+%b %e'`" >> /var/adm/messages
Hope it helps
Raynald Boucher
Super Advisor

Re: Empty /var/adm/messages

Syslog was aged by last boot:
# ll /var/adm/syslog/
total 34624
-rw-r----- 1 root sys 207 Aug 29 2007 @!
-rw-r--r-- 1 root sys 2681070 May 7 17:14 OLDsyslog.log
-r--r--r-- 1 root root 11875300 May 19 14:05 mail.log
-rw-r--r-- 1 root root 1438575 May 19 16:17 syslog.log
#

I have tried dmesg | grep -v "May 19" and it returns the boot log minus the timestamp so that works.

so it looks like "dmesg -" fails.
Does anyone know where dmesg keeps its pointers for the "-" option?
Or how I can modify/refresh the system error message buffer so I can test this?

RayB
James R. Ferguson
Acclaimed Contributor

Re: Empty /var/adm/messages

Hi Ray:

> Does anyone know where dmesg keeps its pointers for the "-" option? Or how I can modify/refresh the system error message buffer so I can test this?

I suspect that the kernel knows :-)

To refresh you could deliberately fill up a filesystem and attempt further writes to it. This will be logged in 'dmesg' and you can then retest 'dmesg -'. See the manpages:

http://docs.hp.com/en/B2355-60130/dmesg.1M.html

By the way: '/var/log/messages' while referenced in the 'dmesg' manpages example is the Linux equivalent of '/var/adm/syslog/syslog.log'. Hence the reason for the confusion of Linux vs. HP-UX.

Regards!

...JRF...

Re: Empty /var/adm/messages

>ME: Won't this exclude today's (all) messages?

I guess not. This is just an extra line, in between each output. You may want to add a "^" so it only removes it from the start of each line. And you can combine the two greps:
grep -v -e "ATI Radeon" -e "^$(date '+%b %e')"

>The file should at least contain the log of the last boot event if the date has been erased?

It should since you append. But last(1) or /etc/rc.log have that.

>Does anyone know where dmesg keeps its pointers for the "-" option?

As documented under dmesg(1M): /var/adm/msgbuf

>JRF: I suspect that the kernel knows :-)

It appears the kernel knows nothing about dmesg(1M).

>smatador: try to write the command with the full paths of grep and date.

No need since these are both in cron's PATH.
Raynald Boucher
Super Advisor

Re: Empty /var/adm/messages

Well, looks like smatador and Dennis are both right.
The error comes from the "grep -v date...".
I've taken it out for now but would still like to understand why the command is failing.

The cron command seems to be truncated at the first "%" character encountered as shown in the following cron log:
# tail -1000 log | grep dmesg
> CMD: /usr/sbin/dmesg - | /usr/bin/grep -v -e "ATI Radeon" -e "^$(date '+
> CMD: /usr/sbin/dmesg - | /usr/bin/grep -v -e "ATI Radeon" -e "^$(date '+
> CMD: /usr/sbin/dmesg - | /usr/bin/grep -v -e "ATI Radeon" -e "^$(date '+
> CMD: /usr/sbin/dmesg - | /usr/bin/grep -v "ATI Radeon" >> /var/adm/messages
> CMD: /usr/sbin/dmesg - | /usr/bin/grep -v "ATI Radeon" >> /var/adm/messages
> CMD: /usr/sbin/dmesg - | /usr/bin/grep -v "ATI Radeon" >> /var/adm/messages
> CMD: /usr/sbin/dmesg - | /usr/bin/grep -v "ATI Radeon" >> /var/adm/messages


The funny thing is: the command works perfectly well from the command line or a shell script using the "usr/bin/sh" shell.
cron however seems to parse it differently.

Another thing, I received an error via root's mail when the grep command was written as grep -v "`date '+%b %e'`" but root stopped receiving errors once coded as grep -v "$(date '+%b %e')".

Can anyone shed some light on the differences in interpretation using these two forms?
Raynald Boucher
Super Advisor

Re: Empty /var/adm/messages

Finally found the solution:
had to escape the "%" characters in the "date" command.

That might be a nice item to add to cron's man page.

Thanks all.

RayB

Re: Empty /var/adm/messages

>had to escape the "%" characters in the "date" command. That might be a nice item to add to cron's man page.

Oops, didn't notice that, even though I have a \% in mine.

It's right there in crontab(1):
A percent character (%) in this field (unless escaped by a backslash (\)) is translated to a newline character ...
Raynald Boucher
Super Advisor

Re: Empty /var/adm/messages

Thanks Dennis,
I had been looking at the "cron" manpage instead of "crontab".

RayB
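
The crontab(1) rule quoted in the thread, as an added example that is not part of the original posts: a small checker that splits a crontab command field at the first unescaped "%" and reports entries whose command would be cut short, which is how a log-collection job like this one can go silent. The function names and the escaped sample entry are constructed for illustration; it assumes the text after the first "%" is handed to the command as standard input and that "\%" reaches the shell as a literal "%".

```python
import re

# Constructed sample: the failing entry from the thread, then an escaped form.
SAMPLE_CRONTAB = r'''# dmesg saving
06,11,16,21,26,31,36,41,46,51,56 * * * * /usr/sbin/dmesg - | grep -v "ATI Radeon" | grep -v "`date '+%b %e'`" >> /var/adm/messages
06,11,16,21,26,31,36,41,46,51,56 * * * * /usr/sbin/dmesg - | grep -v "ATI Radeon" | grep -v "`date '+\%b \%e'`" >> /var/adm/messages
'''


def split_command_field(field):
    """Split the sixth crontab field into (command, stdin).

    An unescaped % ends the command line; later unescaped % characters
    become newlines in the text treated as standard input (assumption).
    """
    parts = re.split(r'(?<!\\)%', field)        # % not preceded by a backslash
    parts = [p.replace('\\%', '%') for p in parts]  # \% -> literal %
    command = parts[0]
    stdin = '\n'.join(parts[1:]) if len(parts) > 1 else None
    return command, stdin


def lint(crontab_text):
    """Return (line number, truncated command, stdin) for risky entries."""
    findings = []
    for lineno, line in enumerate(crontab_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith('#'):
            continue                             # blank line or comment
        fields = stripped.split(None, 5)         # five time fields + command
        if len(fields) < 6:
            continue                             # not a schedule entry
        command, stdin = split_command_field(fields[5])
        if stdin is not None:
            findings.append((lineno, command, stdin))
    return findings


if __name__ == '__main__':
    for lineno, command, stdin in lint(SAMPLE_CRONTAB):
        print(f"line {lineno}: command truncated at unescaped %")
        print(f"  shell receives: {command}")
        print(f"  stdin receives: {stdin!r}")
```

The truncated command it reports for the first entry ends at `date '+`, matching the cut-off CMD lines in the cron log above.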