HPE Community
Operating System - HP-UX
1855076 Members
26718 Online
104109 Solutions
New Discussion

Re: Enterpreting, System Log files,,,

 
Shahbaz_1
Regular Advisor

‎08-06-2002 06:13 PM

‎08-06-2002 06:13 PM

Enterpreting, System Log files,,,

Hi Friends,
When we look at syslog.log file, what are key-words should be searched, for any errors, or warning, words like "error", "warning" etc.

- most of the time, I find the following message in our system's logfile,

'rcpbind: cannot accept connection: bad call sequence number'
-What this message is trying to say?

And do we need to look at other system log files, apart from syslog.log?

Thanks


Regards
Shah





Let's share the great thing "THE KNOWLEDGE"
0 Kudos
Reply
9 REPLIES 9
Michael Tully
Honored Contributor

‎08-06-2002 06:37 PM

‎08-06-2002 06:37 PM

Re: Enterpreting, System Log files,,,

Hi Shah,

There are a few logs files on your system that should be noted, viewed actioned if necessary.

/var/adm/syslog/syslog.log
/var/adm/syslog/OLDsyslog.log (previous system log)
/var/adm/sulog
/var/mail/root (root's mail)
dmesg
/var/opt/resmon/log/event.log
/etc/rc.log (after reboots)
/etc/shutdownlog (after any outage/reboot)
application log files that your responsible for.

Not sure about this particular message, although it indicates a possible bad connection via a socket.

Michael
Anyone for a Mutiny ?
0 Kudos
Reply
S.K. Chan
Honored Contributor

‎08-06-2002 07:59 PM

‎08-06-2002 07:59 PM

Re: Enterpreting, System Log files,,,

Though I agree there's a lot to go through in syslog.log file, I usually ended up viewing the whole file page by page anyway during troubleshooting because you can't simply cover all the "search-and-check" based on keywords. Just take the "rpcbind" example, you may in this case include "bad" as one of the keyword. Unless you have seen it all, keyword search in syslog.log just simply cannot guarantee all errors will be filtered.

The rpcbind message that you see is not abnormal. It's probably created when an existing rpc connection was reset by the source, maybe due to bad connection, bad program calls, etc. If you see too many of these, you may want to occasionally cleanup/reset your rpc.lockd. That simply involves renaming /var/statmon/sm and /var/statmon/state and stop/start rpc.lockd and rpc.statd processes.

The syslog.log and "dmesg" output are 2 most important logs (in my opinion), the rest will epends on what you're looking for. For example if you want to look at SAM related log files it would be in /var/sam/log/samlog If it's glance, it's in /var/opt/perf. If it's startup scripts error it's /etc/rc.log. Like I say it depends on what you're looking for.
0 Kudos
Reply
Fragon
Trusted Contributor

‎08-06-2002 08:03 PM

‎08-06-2002 08:03 PM

Re: Enterpreting, System Log files,,,

Just three other key-words I often used:
no & not & full

-Gerald-
0 Kudos
Reply
Shahbaz_1
Regular Advisor

‎08-06-2002 10:17 PM

‎08-06-2002 10:17 PM

Re: Enterpreting, System Log files,,,

Thanks, everybody for your informative inputs.

I've a query, though very simple, (I am new to the world of unix-admin).

-- How to enable, the telnet logging information to syslog.log file?

I see whenever any user ftp to unix-server, syslog.log reports about it. But not in case of telnet. Or is there any other file which maintains this information?

How to maintain the logging of every action, like 'cp' 'rm' 'mv' etc?

Please ..

Regards
Shah

Let's share the great thing "THE KNOWLEDGE"
0 Kudos
Reply
T G Manikandan
Honored Contributor

‎08-06-2002 10:35 PM

‎08-06-2002 10:35 PM

Re: Enterpreting, System Log files,,,

You can search words like

alert
error
warning
scsi
event
POWERFAILED

you can enable telnet messages to syslog by changing the entry in the /etc/inetd.conf
file as
//
telnet stream tcp nowait root /usr/lbin/telnetd telnetd -l
//
(the line already exists in the inetd.conf file.Just add "-l" at the end to enable logging.

re-read the file using
/usr/sbin/inetd -c


By enabling auditing on the machine you can monitor all user activities.

THanks
0 Kudos
Reply
Shahbaz_1
Regular Advisor

‎08-07-2002 02:01 AM

‎08-07-2002 02:01 AM

Re: Enterpreting, System Log files,,,

Hi Manikandan,

I added -l in inetd.conf file at the end and re-read the file using,
/usr/sbin/inetd -c
but telnet session, is not logging to syslog.log file?

What could be the problem?

Regards
Shah
Let's share the great thing "THE KNOWLEDGE"
0 Kudos
Reply
Carla Breuer
Frequent Advisor

‎08-07-2002 03:14 PM

‎08-07-2002 03:14 PM

Re: Enterpreting, System Log files,,,

Hi Shah!
I have had the same problem here. It was the tape drive. We replaced the tape drive and all is well. Get a new one!

Thanx,

Carla
0 Kudos
Reply
Carla Breuer
Frequent Advisor

‎08-07-2002 03:15 PM

‎08-07-2002 03:15 PM

Re: Enterpreting, System Log files,,,

Ok, so I replied to the wrong message. OOPS!

Sorry,

Carla
0 Kudos
Reply
Michael Tully
Honored Contributor

‎08-07-2002 04:27 PM

‎08-07-2002 04:27 PM

Re: Enterpreting, System Log files,,,

Hi Shah,

In answer to your question about telnet logging, if you really want to do this into the /var/adm/syslog/syslog.log file you could run your 'inetd' daemon with the '-l' switch which will log the information for you.

Modify this file.
/etc/rc.config.d/netdaemons

Change this line from this
export INETD_ARGS=

to this
export INETD_ARGS= -l

Restart the 'inetd' daemon

Cheers
Michael
Anyone for a Mutiny ?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.