HPE Community
Operating System - HP-UX
1753716 Members
4318 Online
108799 Solutions
New Discussion юеВ

syslog for 60 days

 
SOLVED
Go to solution
Ravi_8
Honored Contributor

тАО12-26-2002 10:21 PM

тАО12-26-2002 10:21 PM

syslog for 60 days

Hi, all

when i looked into OLDsyslog.log file of all systems it has the logs till last boot and syslog.log from the last boot. Now my question is how to keep the logs for 60 days irrespective of boots

Thank u all
never give up
0 Kudos
Reply
17 REPLIES 17
RAC_1
Honored Contributor

тАО12-26-2002 10:36 PM

тАО12-26-2002 10:36 PM

Re: syslog for 60 days

Everytime the system is started the syslog is move to OLDsyslog.log and new one started.

I just looked at syslogd in /sbin/init.d directory.

That says no changes in this file. The other way I can think of is putting a script in sbin/init.d and links in respective rc levels in such a way that it checks for syslog.log file then renames it. this way we can control syslog.log file moved. and at the same time syslogd daemon will be able to keep two files. OLDsyslog.d and syslog.log.

No idea on how I would start the script before syslogd starts.
There is no substitute to HARDWORK
0 Kudos
Reply
RAC_1
Honored Contributor

тАО12-26-2002 10:41 PM

тАО12-26-2002 10:41 PM

Re: syslog for 60 days

Everytime the system is started the syslog is move to OLDsyslog.log and new one started.

I just looked at syslogd in /sbin/init.d directory.

That says no changes in this file. The other way I can think of is putting a script in sbin/init.d and links in respective rc levels in such a way that it checks for syslog.log file then renames it. this way we can control syslog.log file moved. and at the same time syslogd daemon will be able to keep two files. OLDsyslog.d and syslog.log.

No idea on how I would start the script before syslogd starts.
There is no substitute to HARDWORK
0 Kudos
Reply
RAC_1
Honored Contributor

тАО12-26-2002 10:45 PM

тАО12-26-2002 10:45 PM

Re: syslog for 60 days

sorry for three replies.

Problem with accessing internet.
There is no substitute to HARDWORK
0 Kudos
Reply
Ralph Grothe
Honored Contributor

тАО12-27-2002 01:37 AM

тАО12-27-2002 01:37 AM

Re: syslog for 60 days

Why don't you roll your own log rotation scheme for /var/adm/syslog/syslog.log?

I think all that should be required is to send syslogd a SIGHUP to restart system logging.
Thus I would think you could do something like


gzip -c /var/adm/syslog/syslog.log > /var/adm/syslog/syslog_till_$(date +%Y%m%d).gz
> /var/adm/syslog/syslog.log && kill -s 1 $(cat /var/run/syslog.pid)

put something similar (better more eleborate) in a script and have it run through cron at your rotation intervall
Madness, thy name is system administration
0 Kudos
Reply
Ralph Grothe
Honored Contributor

тАО12-27-2002 01:43 AM

тАО12-27-2002 01:43 AM

Re: syslog for 60 days

Sorry,

I was deviating, and didn't answer your question.

I think (though this may be not good practice) you will have to modify this line here

# grep mv /sbin/init.d/syslogd
mv /var/adm/syslog/syslog.log /var/adm/syslog/OLDsyslog.
log


And do the move instead through your own rotation scheme at wanted intervalls.
Madness, thy name is system administration
0 Kudos
Reply
Rajeev Shukla
Honored Contributor

тАО12-27-2002 01:44 AM

тАО12-27-2002 01:44 AM

Re: syslog for 60 days

Hi,
true when ever the system is booted the syslog gets coppied to Oldsyslog and a new syslog file starts.
To save these files write a housekeeping script which copies the syslog everyday to a file with date stamp.
Something like syslog25MonDec.
and empty the syslog file. Keep files only for 60 days and delete rest.
You you need more info on how to write that script let me know.

Cheers
Rajeev
0 Kudos
Reply
Leif Halvarsson_2
Honored Contributor

тАО12-27-2002 02:08 AM

тАО12-27-2002 02:08 AM

Re: syslog for 60 days

Hi
I think this is possible.

In the file /sbin/init.d/syslog is a line:
mv /var/adm/syslog/syslog.log /var/adm/syslog/OLDsyslog.log
Comment out this line.

Write a cron script that copy the syslog.log file to OLDsyslog.log and reset syslog.log

cp /var/adm/syslog/syslog.log /var/adm/syslog/OLDsyslog.log
>/var/adm/syslog/syslog.log

Run this script once evry second month.

0 0 1 1,3,5,7,9,11 * /
0 Kudos
Reply
Ravi_8
Honored Contributor

тАО12-27-2002 02:10 AM

тАО12-27-2002 02:10 AM

Re: syslog for 60 days

Hi, rajeev

I can't do moving files manually on over 100 HP machines that we have. I need automate the process
never give up
0 Kudos
Reply
Rajeev Shukla
Honored Contributor

тАО12-27-2002 02:15 AM

тАО12-27-2002 02:15 AM

Re: syslog for 60 days

Thats why i am saying Ravi. Write a script, put it in the cron and forget it. It will copy the cron to another file at midnight, trim the original syslog to 0 and then search for files older that 60 days and delete them its so simple.
Use cron dont do things manually


Rajeev
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.