HPE Community
Operating System - HP-UX
1833758 Members
2879 Online
110063 Solutions
New Discussion

Awash in syslog...

 
SOLVED
Go to solution
Sorrel G. Jakins
Valued Contributor

‎05-07-2002 11:12 AM

‎05-07-2002 11:12 AM

Awash in syslog...

I have 650 access switches, 45 distribution switches, 45 HP (live free or die UN*X) servers, 60 IA32 servers, and a hodgepodge of monitors and agents, as well as CA?Unicenter. All produce logs of one type or another.

I tried funneling the syslogs to a single server, which promptly overflowed and died.

What do the rest of you do? (Generous points will be assigned)....
0 Kudos
Reply
5 REPLIES 5
Pete Randall
Outstanding Contributor

‎05-07-2002 11:19 AM

‎05-07-2002 11:19 AM

Re: Awash in syslog...

Sorrel,

I thought that was supposed to be where CA-unicrap excelled. If it did, indeed, handle all the monitoring then couldn't you just routinely clean out all the other logs. I'm sure it would take a while to set up Unicenter but . . .

Pete

Pete
Reply
Sachin Patel
Honored Contributor

‎05-07-2002 11:26 AM

‎05-07-2002 11:26 AM

Re: Awash in syslog...

Hi Sorrel,
I run a script every couple hour which goes one by one system and collect the information that I am interested and sends me email.

Attached is that script. It is not pro. script but it works for me.

It is sigle script it run on individual system. You have to put wrapper so it runs on many systems

something like
for i in sys1 sys2 sys3
do
remsh $i system_watch
done

Sachin
Is photography a hobby or another way to spend $
Reply
A. Clay Stephenson
Acclaimed Contributor

‎05-07-2002 11:27 AM

‎05-07-2002 11:27 AM

Re: Awash in syslog...

I use IT/O (excuse me VP/O) but I assume that these agents are going to mess up at some point so that ALL syslog stuff is logged locally and the agent's job is to forward important stuff to the IT/O server. I suggest that you use syslog for the purpose it was intended on each box and Unicenter's job is to make sense of this. You should also have daemons/agents whose job is it to clean up the syslogs on a periodic basis.
If it ain't broke, I can fix that.
Reply
MANOJ SRIVASTAVA
Honored Contributor

‎05-07-2002 11:56 AM

‎05-07-2002 11:56 AM

Re: Awash in syslog...

Hi Sorrel

We use ITO for event notifications and errors , I ahve small scirpts which work fro stuff like disk space util etcetc . Howeever for the historical data part we ahve perfview configured in which the data is stored locally on the servers for pulling the data we use something like a monitoring server which pulls the data ( incedntly we use the same server for ITO adn Omni back) . Also in case we include the back up of the logs with the fielsyste abck of the server so that we donnot tread into unknown waters . typically we scale down to some application stat and ofcourse Oracle .


Manoj Srivastava
Reply
John Payne_2
Honored Contributor

‎05-10-2002 01:13 PM

‎05-10-2002 01:13 PM

Solution

Re: Awash in syslog...

The problem, (I work for Sorrel) is that we were logging things locally, but some machines ended up being way more verbose than others, and as we brought more and more servers in, Unicenter did not seem to scale it's ability to handle all these messages well. Also, there is the problem of losing logs and wanting them weeks later. (Doesn't happen much, but it does happen.) We thought that if all messages were moved to a central repository, then at least there was a point to find things much later after logs were trimmed. Unicenter's saf (Store and Forward) facility also stores messages if the cci bandwidth was not sufficient at the time.

How does IT/O scale? Sorrel posted the magnitude of our environment, does anyone have something about our size that they can manage well? (We are a University. We use cheap unskilled student labor for our Operations staff. The easier things are to use, the better...)

John
Spoon!!!!
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.