- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Log management in HP-UX
Operating System - HP-UX
1753284
Members
5399
Online
108792
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-15-2010 05:24 AM
тАО04-15-2010 05:24 AM
Re: Log management in HP-UX
It will help to understand that syslogd is NOT the only tool that creates logs. cron and su and so on are processes that write their own logs -- they do not use the syslog facility at all. To see how many logs are kept by individual processes, look at /var/adm as in:
ll /var/adm/*.log
These files are not part of a standard syslog setup. What happens in syslog.log is controlled completely by the /etc/syslog.conf file. The facilities and levels of reporting are defined in that file.
There is nothing in standard HP-UX that will rotate the logs except a reboot (or more accurately, running the startup script
/sbin/init.d/syslog start
will move the current lof to OLDsyslog.log and start a new syslog.log.
As mentioned above, the other copies of syslog.log have been created by a custom script or program byu the previous administrator. Based on the time stamps, this is done at 1 minute after midnight so you'll likely find a script or program running at midnight that performs this task.
Also based on the files you see, the script has an error: in November, it rotated the logs and compressed them (*.gz) but in February and March, it did not compress them. So the script needs repair.
Also, your syslog.conf file creates a duplicate entry in syslog.log and each of these facility logs:
mark, kern, user, daemon, auth, lpr, security
And there is no security facility (see man 3c syslog). I think what you want is to remove noisy messages from syslog and move them to separate logs, like this:
# Use only tabs, not spaces
#
*.info;mail.none;local5.none;auth.none;user.none;lpr.none;daemon.notice;kern.notice /var/adm/syslog/syslog.log
#
mail.debug /var/adm/syslog/mail.log
local5.info /var/adm/syslog/ftpd.log
auth.info /var/adm/syslog/auth.log
daemon.info /var/adm/syslog/daemon.log
kern.info /var/adm/syslog/kern.log
lpr.info /var/adm/syslog/lpr.log
#
*.alert /dev/console
*.alert root
*.emerg *
I have rearranged the lines to make it a bit more readable. The first line states what will (and will not) go into syslog.log. So it says that:
-- All messages with info level or higher
-- No messages from mail, local, auth, user or local5
-- daemon and kern messages at notice level and higher
Then, each of next lines are facilities that are logged into different files. local5 is for ftp messages from ftpd.
The last 3 lines state that alert (and higher) are sent to /dev/console and all logged in root users, while emerg level messages are sent to all logged in users.
NOTE: The syslog.conf file is the only file in Unix that does not work with spaces!! Any line with a space anywhere on the line becomes a comment, so the file must look like this when you use cat -tv:
# cat -tv /etc/syslog.conf
*.info;mail.none;local5.none;auth.none;user.none;lpr.none;kern.notice;daemon.notice^I/var/adm/syslog/syslog.log
mail.debug^I/var/adm/syslog/mail.log
local5.info^I/var/adm/syslog/ftpd.log
auth.info^I/var/adm/syslog/auth.log
lpr.info^I/var/adm/syslog/lpr.log
user.info^I/var/adm/syslog/user.log
kern.info^I/var/adm/syslog/kern.log
daemon.info^I/var/adm/syslog/daemon.log
*.alert^I^I/dev/console
*.alert^I^Iroot
*.emerg^I^I*
The ^I is the tab character. If any line has a space, the entire line is silently ignored.
When you edit this file, use the vi command :set list to see the tabs as ^I.
One other change is for NTP (Network Time Protocol). The default is to log to syslog but it doesn't have its own facility name, so I change /etc/rc.config.d/netdaemons to start xntpd with the option: -l /var/adm/ntp.log:
export NTPDATE_SERVER=us.pool.ntp.org
export XNTPD=1
export XNTPD_ARGS="-l /var/adm/ntp.log"
Bill Hassell, sysadmin
ll /var/adm/*.log
These files are not part of a standard syslog setup. What happens in syslog.log is controlled completely by the /etc/syslog.conf file. The facilities and levels of reporting are defined in that file.
There is nothing in standard HP-UX that will rotate the logs except a reboot (or more accurately, running the startup script
/sbin/init.d/syslog start
will move the current lof to OLDsyslog.log and start a new syslog.log.
As mentioned above, the other copies of syslog.log have been created by a custom script or program byu the previous administrator. Based on the time stamps, this is done at 1 minute after midnight so you'll likely find a script or program running at midnight that performs this task.
Also based on the files you see, the script has an error: in November, it rotated the logs and compressed them (*.gz) but in February and March, it did not compress them. So the script needs repair.
Also, your syslog.conf file creates a duplicate entry in syslog.log and each of these facility logs:
mark, kern, user, daemon, auth, lpr, security
And there is no security facility (see man 3c syslog). I think what you want is to remove noisy messages from syslog and move them to separate logs, like this:
# Use only tabs, not spaces
#
*.info;mail.none;local5.none;auth.none;user.none;lpr.none;daemon.notice;kern.notice /var/adm/syslog/syslog.log
#
mail.debug /var/adm/syslog/mail.log
local5.info /var/adm/syslog/ftpd.log
auth.info /var/adm/syslog/auth.log
daemon.info /var/adm/syslog/daemon.log
kern.info /var/adm/syslog/kern.log
lpr.info /var/adm/syslog/lpr.log
#
*.alert /dev/console
*.alert root
*.emerg *
I have rearranged the lines to make it a bit more readable. The first line states what will (and will not) go into syslog.log. So it says that:
-- All messages with info level or higher
-- No messages from mail, local, auth, user or local5
-- daemon and kern messages at notice level and higher
Then, each of next lines are facilities that are logged into different files. local5 is for ftp messages from ftpd.
The last 3 lines state that alert (and higher) are sent to /dev/console and all logged in root users, while emerg level messages are sent to all logged in users.
NOTE: The syslog.conf file is the only file in Unix that does not work with spaces!! Any line with a space anywhere on the line becomes a comment, so the file must look like this when you use cat -tv:
# cat -tv /etc/syslog.conf
*.info;mail.none;local5.none;auth.none;user.none;lpr.none;kern.notice;daemon.notice^I/var/adm/syslog/syslog.log
mail.debug^I/var/adm/syslog/mail.log
local5.info^I/var/adm/syslog/ftpd.log
auth.info^I/var/adm/syslog/auth.log
lpr.info^I/var/adm/syslog/lpr.log
user.info^I/var/adm/syslog/user.log
kern.info^I/var/adm/syslog/kern.log
daemon.info^I/var/adm/syslog/daemon.log
*.alert^I^I/dev/console
*.alert^I^Iroot
*.emerg^I^I*
The ^I is the tab character. If any line has a space, the entire line is silently ignored.
When you edit this file, use the vi command :set list to see the tabs as ^I.
One other change is for NTP (Network Time Protocol). The default is to log to syslog but it doesn't have its own facility name, so I change /etc/rc.config.d/netdaemons to start xntpd with the option: -l /var/adm/ntp.log:
export NTPDATE_SERVER=us.pool.ntp.org
export XNTPD=1
export XNTPD_ARGS="-l /var/adm/ntp.log"
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-15-2010 05:51 AM
тАО04-15-2010 05:51 AM
Re: Log management in HP-UX
Shalom,
I take issue with a few things:
I am new to HP-UX.
You really aren't so new any more. You have been posting questions here for quite some months. I assume the solutions you are getting are sticking and effective or you would not come back.
Logrotate is available for HP-UX. It is very old and cranky and does not do a terrific job.
Your system has the looks of having logroate run on it, which can be done with the depot or a series of scripts home grown.
Looks like a bit of hacking was done on the standard syslog configuration as well. Look there and you will find variances with other hpux systems you have available to you.
SEP
I take issue with a few things:
I am new to HP-UX.
You really aren't so new any more. You have been posting questions here for quite some months. I assume the solutions you are getting are sticking and effective or you would not come back.
Logrotate is available for HP-UX. It is very old and cranky and does not do a terrific job.
Your system has the looks of having logroate run on it, which can be done with the depot or a series of scripts home grown.
Looks like a bit of hacking was done on the standard syslog configuration as well. Look there and you will find variances with other hpux systems you have available to you.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-15-2014 02:53 AM
тАО07-15-2014 02:53 AM
Re: Log management in HP-UX
where do we find oldsyslog.log
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-15-2014 02:58 AM
тАО07-15-2014 02:58 AM
Re: Log management in HP-UX
in /var/adm/syslog
Hope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!
Hope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!
- « Previous
- Next »
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP