
System Logging

 
John Talaga
Advisor

System Logging

Hello all,

I am being questioned about certain logging that is done, or isn't being done, on my 11.23 system.

Can anyone tell me if the following items are logged, and where:

Network link failures.
Changes to system date/time.

I have tested both of these on a non-production system, and checked in the syslog, but no entries for either appeared.

My syslog.conf is default, which sends *.info to /etc/syslog/syslog.log, but alas, syslog.log doesn't show anything when the link goes down, or when I change the system time.

Any help or advice is greatly appreciated.

--John
4 REPLIES
Bill Hassell
Honored Contributor
Solution

Re: System Logging

> Can anyone tell me if the following items are logged, and where:
>
> Network link failures.
> Changes to system date/time.

Network link failures...well, that is a very broad definition. Are you referring to the network cable being cut? Or that a router has failed? Or that a remote NFS server is no longer responding? There are dozens of reasons that a network connection is not quite right but no single command can determine these conditions. Therefore, only selected logging is done by HP-UX for network problems. Examples might be NFS error messages.

The system date/time can be changed by a program, a script or any root user. It is not logged. Generally speaking, changing the system date/time should be considered to be a high risk, global impact change and no sysadmin should do this without appropriate change control and review.

To protect the date command from untrained or inexperienced root users, you can encapsulate the date command with a script that forbids date changes but allows formatted date formats. However, it sounds like there are much bigger problems with root users. The solution is to install and configure sudo and never give out the root password to anyone.

As far as logging every command the root user issues, that is found in the root user's HOME directory in the .sh_history file. This file may need to be created and the variables HISTFILE and HISTSIZE set in /etc/profile before logging takes place.


Bill Hassell, sysadmin
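
A sketch of the display-only date wrapper described in the reply above, as an added example that is not part of the original post or of HP-UX. It assumes the real binary has been moved to the hypothetical path /usr/bin/date.real, and it uses logger so that refused attempts reach syslog.

```shell
#!/bin/sh
# Added example: display-only wrapper for date(1).
# REAL_DATE is an assumed location for the relocated original binary.
REAL_DATE="${REAL_DATE:-/usr/bin/date.real}"

# Return 0 when every argument only displays the date,
# 1 when any argument could set or adjust the clock.
date_args_allowed() {
    for arg in "$@"; do
        case "$arg" in
            +*) ;;          # output format, e.g. +%Y-%m-%d
            -u) ;;          # display in UTC
            *)  return 1 ;; # mmddhhmm[[cc]yy], -a adjustment, anything else
        esac
    done
    return 0
}

date_wrapper() {
    if date_args_allowed "$@"; then
        "$REAL_DATE" "$@"
    else
        # Record the refused attempt so it appears in syslog.
        logger -p auth.notice -t date-wrapper \
            "refused clock change by ${LOGNAME:-unknown}: date $*"
        echo "date: changing the system clock is not permitted here" >&2
        return 1
    fi
}

# Run the wrapper only when this file is installed under the name "date".
if [ "${0##*/}" = "date" ]; then
    date_wrapper "$@"
    exit $?
fi
```

A wrapper like this only covers use of the date command itself; a program that sets the clock directly bypasses it, which is why the reply above pairs it with sudo and change control.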
SoorajCleris
Honored Contributor

Re: System Logging

Hi,

I think the page below will be helpful for network tracing

http://g4u0420c.houston.hp.com/en/5992-2922/ch08s03.html?btnPrev=%AB%A0prev

netfmt and nettl will help you to find network link failure details.

Regards,
Sooraj
"UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity" - Dennis Ritchie
John Talaga
Advisor

Re: System Logging

Thanks for the information all.

Just to clarify a bit, I haven't been experiencing problems with users trying to modify system date or time. I am simply being asked about what we are logging. I've been coming up empty when trying to research, so I brought it to the experts.

As for logging a link loss, I wasn't given very much clarification on what was considered a link loss. I tested, on a test server, by simply pulling the network cable for a few seconds, and plugging it back in. I noticed that nothing was written to the syslog. I was curious, as I would think this would be logged there.

Thanks again

--John
John Talaga
Advisor

Re: System Logging

All,

I have found that the network cable disconnect is logged to /var/adm/nettl.LOG000. Using the netfmt command, I was able to view the contents of this file, and see the log entries.

Thanks all for your assistance.