Re: Log management in HP-UX

senthil_kumar_1 · ‎03-11-2010

In man page I have found below mentioned.

# man syslogd

The syslogd command reads and logs messages into a set of files described by the configuration file /etc/syslog.conf.

Normally we have not configured any entries to log the activities of cron , sulog , wtmp and automount.log in /etc/syslog.conf.

1)so that, will it prevent from logging the activities of cron , sulog , wtmp and automount.log in to their respective log files?

2)If yes, why the files are not created like OLDcron.log, OLDautomout.log while restarting syslog?

3)If no, will no logs be created (syslog, cron , sulog, wtmp and etc.,) if we have stopped syslog?

Johnson Punniyalingam · ‎03-11-2010

>>>2)If yes, why the files are not created like OLDcron.log, OLDautomout.log while restarting syslog? <<

becoz when you restart the "sylogd" as below, it will only created for OLDSyslog.log also syslogd -> dameons which writes its own information to "syslog.log" file, it should not write to OLDcron,OLDautomout.log

/sbin/init.d/syslogd stop
/sbin/init.d/syslogd start

Hope you can test above in any of your test servers. to clear doubts :)

Also you can refer to your posting

>>>I have found following entries in /etc/syslog.conf file.

#############################################
mail.debug /var/adm/syslog/mail_log
*.info;mail.none /var/adm/syslog/syslog.log

look at the syslog.conf file -> pointing to /var/adm/syslog/syslog.log

mail -> pointing to /var/adm/syslog/mail.log

Problems are common to all, but attitude makes the difference

senthil_kumar_1 · ‎03-11-2010

Hi All,

I have tested in my test server.

I would like to know whether the logs for cron , sulog, wtmp, automount.log will be created while syslogd is down.

So firs I have down the syslogd.

# /sbin/init.d/syslogd stop
syslogd stopped

After that no logs are created with in /var/adm/syslog/syslog.log but at the same time logs are being created in /var/adm/cron/log , /var/adm/sulog and /var/adm/wtmp.

So I come to conclusion that if we have stop the syslogd then it will not create any logs to the files available under /var/adm/syslog (all the files configured in /etc/syslog.conf) but at the same time other logs (cron, sulog, wtmp) will be created. am i correct because i want to double check with you?

Steven E. Protter · ‎03-11-2010

Shalom,

No logs configured in syslog.conf will write when the syslogd daemon is down.

The data may be queued, you will have to test that.

But syslogd daemon is something you want up and running all the time.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

senthil_kumar_1 · ‎03-11-2010

Hi

All the activities of starting and stopping the services (like nfs.server and nfs.client) will be in to which file because just for testing i have stopped and started again nfs.server and nfs.client but no logs are created for this activity in /var/adm/syslog/syslog.log?

Could you please clarify me about what are the service will be logged while start and stop and which file?

Steven E. Protter · ‎03-11-2010

Shalom,

All the activities of starting and stopping the services (like nfs.server and nfs.client) will be in to which file because just for testing i have stopped and started again nfs.server and nfs.client but no logs are created for this activity in /var/adm/syslog/syslog.log?
>>>
All services configured to be logged in syslog will be logged with start and stop messages. But it depends how the service is configured where and how they log. apache is not going to log in syslog at all. It has its own log.

This varies application to application.
>>>>

Could you please clarify me about what are the service will be logged while start and stop and which file?

How the service will be logged depends on two factors:

1) syslog.conf configuration.
2) How the service is written. NFS does log to syslog.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

senthil_kumar_1 · ‎03-11-2010

which one is correct?

1)wtmp or wtmps

2)btmp or btmps

senthil_kumar_1 · ‎03-11-2010

which one is correct?

1)wtmp or wtmps

2)btmp or btmps

Since my HP-UX server is having both wtmp & wtmps and btmp & btmps.

James R. Ferguson · ‎03-11-2010

Hi:

> which one is correct? 1)wtmp or wtmps 2)btmp or btmps

If you have the "*s" named file on your server you're running 11.23 or later and that's the file that you want to analyze.

Regards!

...JRF...

Steven E. Protter · ‎03-11-2010

Shalom again,

Just checked an 11.31 system.

They have both files but one one is active.

root@mngp01:/var/adm # ll wtmp*
-rw-rw-r-- 1 adm adm 11400 Feb 3 16:23 wtmp
-rw-rw-r-- 1 adm adm 144744 Mar 11 13:06 wtmps
-rw-r--r-- 1 root sys 280 Jan 8 16:50 wtmpx
root@mngp01:/var/adm # ll btmp*
-rw------- 1 root other 0 Mar 8 2009 btmp
-rw------- 1 root other 11084 Feb 25 17:04 btmps

The btmp on this file is zero bytes because almost nobody logs into it.

See the dates for which file is active.

Your mileage may vary on earlier releases of HP-UX.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Re: Log management in HP-UX