HPE Community
Operating System - HP-UX
1821641 Members
3410 Online
109633 Solutions
New Discussion юеВ

email notification from syslog.conf

 
Jim Wolff
Occasional Advisor

тАО09-07-2001 02:24 AM

тАО09-07-2001 02:24 AM

email notification from syslog.conf

Can someone please help me with this simply question. I have looked in at least 3 separate books without any examples and searched this web page as well.

I am trying to set up my syslog.conf file to notify me via email if we should experience a critical system error (e.g., a lost drive in my RAID-5 array, or other critical system type error that I need to know about as soon as possible).

1) how can I distinguish between what I want to be considered a "critical" system error. Anotherwords, I want to be notified of a failed disk in my raid array, but may not want to be notified of other "critical" system errors.

2) my plan was to set the syslog.conf to send "critical" errors to a file which I could then set a cron job to email the contents of that file to my email address or pager (somehow).

=> in the syslog.conf file, I presume to put an entry such as:

*.emerg /var/adm/crit_errs

Assuming the above would cause "critical" system errors to be written to /var/adm/crit_errs.
Then, I would simply run a cron job that executes a file that contains something to the effect of:

HOSTNAME=`hostname`
SERVER=$HOSTNAME
cat /var/adm/crit_errs | grep |mailx -s "Critical error on server $SERVER" my_email@myhost.com < /var/adm/crit_errs

Am I close, or could someone please give me an example please of how to set something like this up? Obviously in the above example I would need to either clear the crit_errs file or use tail -1 , but my question is whether I am going in the right direction here. And if not, can someone suggest a better way (without using 3rd party software).
Sr. Oracle DBA
0 Kudos
Reply
5 REPLIES 5
Stefan Farrelly
Honored Contributor

тАО09-07-2001 02:43 AM

тАО09-07-2001 02:43 AM

Re: email notification from syslog.conf


Syslog automatically emails root for emergencies and alerts;

mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *

So to redirect to another mailbox somewhere you need to modify your /etc/mail/aliases file and point root to , then run newaliases. Now when a filesystem fills up you will get an email to root.
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
Jim Wolff
Occasional Advisor

тАО09-07-2001 04:44 AM

тАО09-07-2001 04:44 AM

Re: email notification from syslog.conf

I tried to reply to this once already, but something appears to have happened to my reply.

Basically, I need to be able to receive the email notifications to my personal emails as opposed to getting them forward by a .forward file or an email alias. I do not want to receive all of root's email, only critical system errors from the syslogd (syslog.conf) when appropriate (such as a "failed" disk drive on my RAID array). As you know, with audit-logging turned on, a failed drive will automatically be rebuilt and the system will continue as normal. If you do not replace the failed drive (because you were not aware of it being bad), you potentially could lose your entire RAID array file system if a second drive were to go bad. This is my objective.

Thanks again.
Sr. Oracle DBA
0 Kudos
Reply
Wodisch
Honored Contributor

тАО09-10-2001 12:59 PM

тАО09-10-2001 12:59 PM

Re: email notification from syslog.conf

Hello Jim,

there are other "syslogd" version having the additional
feature of "| cmd" in their "syslog.conf" files, but not on
HPUX, though...
What you could do, is to have an additional line like

*.alert /var/adm/emailpipe

where "/var/adm/emailpipe" is created with the command
mknod /var/adm/emailpipe p

and has permissions like root:sys:600, to be careful.

Then you create an "rc" script to run the following
script in the background:

#!/usr/bin/sh
trap "" 1 2 3 # block simple signals
while read message # ok, each line becomes an e-mail
do echo "$message" |
mailx -s"msg from syslog" YOU@YOUR-MAIL-SERVER
done < /var/adm/emailpipe
# end of script

HTH,
Wodisch
0 Kudos
Reply
linuxfan
Honored Contributor

тАО09-10-2001 10:11 PM

тАО09-10-2001 10:11 PM

Re: email notification from syslog.conf

Hi Jim,

You could install EMS Hardware monitors which are part of the OnlineDiagnostics (can be obtained free of charge from
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6191AAE

For more information on EMS, check the doc
http://docs.hp.com/hpux/pdf/B6191-90028.pdf

Release notes for STM can be found at
http://docs.hp.com/hpux/onlinedocs/diag/stm/stm_rel.htm

Once you install the diagnostics/support tools, you can use monconfig to modify/add monitors and enable the kind of errors(warning,major,serious,criticall) and the kind of notification (syslog, email) and the user to whom the email is to be sent. Depending on your configuration only critical emails(pertaining to hardware failures) can be sent to your email address.
This way you don't need to write additional scripts to parse log files.

-HTH
Ramesh
They think they know but don't. At least I know I don't know - Socrates
0 Kudos
Reply
Michael Tully
Honored Contributor

тАО09-10-2001 10:31 PM

тАО09-10-2001 10:31 PM

Re: email notification from syslog.conf

Hi Jim,

Although you can set up syslog to do this
type of thing, I agree with Ramesh in that
installing EMS is the way to go. The product
is easy to install and configure, with the
products emphasis on hardware monitoring.
You can also find it on the Application CD
set as well as downloading.

HTH
-Michael
Anyone for a Mutiny ?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.