HPE Community
Operating System - HP-UX
1753284 Members
5399 Online
108792 Solutions
New Discussion юеВ

Re: Log management in HP-UX

 
SOLVED
Go to solution
Bill Hassell
Honored Contributor

тАО04-15-2010 05:24 AM

тАО04-15-2010 05:24 AM

Re: Log management in HP-UX

It will help to understand that syslogd is NOT the only tool that creates logs. cron and su and so on are processes that write their own logs -- they do not use the syslog facility at all. To see how many logs are kept by individual processes, look at /var/adm as in:

ll /var/adm/*.log

These files are not part of a standard syslog setup. What happens in syslog.log is controlled completely by the /etc/syslog.conf file. The facilities and levels of reporting are defined in that file.

There is nothing in standard HP-UX that will rotate the logs except a reboot (or more accurately, running the startup script

/sbin/init.d/syslog start

will move the current lof to OLDsyslog.log and start a new syslog.log.

As mentioned above, the other copies of syslog.log have been created by a custom script or program byu the previous administrator. Based on the time stamps, this is done at 1 minute after midnight so you'll likely find a script or program running at midnight that performs this task.

Also based on the files you see, the script has an error: in November, it rotated the logs and compressed them (*.gz) but in February and March, it did not compress them. So the script needs repair.

Also, your syslog.conf file creates a duplicate entry in syslog.log and each of these facility logs:

mark, kern, user, daemon, auth, lpr, security

And there is no security facility (see man 3c syslog). I think what you want is to remove noisy messages from syslog and move them to separate logs, like this:


# Use only tabs, not spaces
#
*.info;mail.none;local5.none;auth.none;user.none;lpr.none;daemon.notice;kern.notice /var/adm/syslog/syslog.log
#
mail.debug /var/adm/syslog/mail.log
local5.info /var/adm/syslog/ftpd.log
auth.info /var/adm/syslog/auth.log
daemon.info /var/adm/syslog/daemon.log
kern.info /var/adm/syslog/kern.log
lpr.info /var/adm/syslog/lpr.log
#
*.alert /dev/console
*.alert root
*.emerg *

I have rearranged the lines to make it a bit more readable. The first line states what will (and will not) go into syslog.log. So it says that:

-- All messages with info level or higher
-- No messages from mail, local, auth, user or local5
-- daemon and kern messages at notice level and higher

Then, each of next lines are facilities that are logged into different files. local5 is for ftp messages from ftpd.

The last 3 lines state that alert (and higher) are sent to /dev/console and all logged in root users, while emerg level messages are sent to all logged in users.

NOTE: The syslog.conf file is the only file in Unix that does not work with spaces!! Any line with a space anywhere on the line becomes a comment, so the file must look like this when you use cat -tv:

# cat -tv /etc/syslog.conf
*.info;mail.none;local5.none;auth.none;user.none;lpr.none;kern.notice;daemon.notice^I/var/adm/syslog/syslog.log

mail.debug^I/var/adm/syslog/mail.log
local5.info^I/var/adm/syslog/ftpd.log
auth.info^I/var/adm/syslog/auth.log
lpr.info^I/var/adm/syslog/lpr.log
user.info^I/var/adm/syslog/user.log
kern.info^I/var/adm/syslog/kern.log
daemon.info^I/var/adm/syslog/daemon.log

*.alert^I^I/dev/console
*.alert^I^Iroot
*.emerg^I^I*

The ^I is the tab character. If any line has a space, the entire line is silently ignored.
When you edit this file, use the vi command :set list to see the tabs as ^I.

One other change is for NTP (Network Time Protocol). The default is to log to syslog but it doesn't have its own facility name, so I change /etc/rc.config.d/netdaemons to start xntpd with the option: -l /var/adm/ntp.log:

export NTPDATE_SERVER=us.pool.ntp.org
export XNTPD=1
export XNTPD_ARGS="-l /var/adm/ntp.log"


Bill Hassell, sysadmin
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО04-15-2010 05:51 AM

тАО04-15-2010 05:51 AM

Re: Log management in HP-UX

Shalom,

I take issue with a few things:

I am new to HP-UX.

You really aren't so new any more. You have been posting questions here for quite some months. I assume the solutions you are getting are sticking and effective or you would not come back.

Logrotate is available for HP-UX. It is very old and cranky and does not do a terrific job.

Your system has the looks of having logroate run on it, which can be done with the depot or a series of scripts home grown.

Looks like a bit of hacking was done on the standard syslog configuration as well. Look there and you will find variances with other hpux systems you have available to you.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
lakshk
New Member

тАО07-15-2014 02:53 AM

тАО07-15-2014 02:53 AM

Re: Log management in HP-UX

where do we find oldsyslog.log

0 Kudos
Reply
Torsten.
Acclaimed Contributor

тАО07-15-2014 02:58 AM

тАО07-15-2014 02:58 AM

Re: Log management in HP-UX

in /var/adm/syslog

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.