- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Log management in HP-UX
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-09-2010 07:03 AM
тАО03-09-2010 07:03 AM
I am new to HP-UX.
I would like to know the log management in HP-UX.
I know followings about log management.
1)About Syslog:
There is two log files are available for syslog.
i)OLDsyslog.log
ii)syslog.log
Syslog.log is current file and OLDsyslog.log is old file.
Now I have some questions on syslog:
1.1)When (how many days once) the log are being transfered from syslog.log to OLDsyslog?
1.2)On of my HP-UX server (HP-UX 11.11) has no data with in OLDsyslog.log, example:
# ll OLDsyslog.log
-rw-r--r-- 1 root sys 0 Mar 4 00:01 OLDsyslog.log
But it has six syslog files, I think log rotation has been done, but I dont know how they (pervious unix admin) done this.
Example:
-rw-r--r-- 1 root sys 1119967 Mar 4 08:29 syslog.log
-rw-r--r-- 1 root sys 3222700 Mar 4 00:01 syslog.log.1
-rw-r--r-- 1 root sys 89506 Aug 7 2008 syslog.log.1.orig.gz
-rw-r--r-- 1 root sys 4168313 Mar 3 00:01 syslog.log.2
-rw-r--r-- 1 root sys 105763 Nov 22 10:30 syslog.log.2.gz
-rw-r--r-- 1 root sys 3989978 Mar 2 00:01 syslog.log.3
-rw-r--r-- 1 root sys 238659 Nov 22 00:01 syslog.log.3.gz
-rw-r--r-- 1 root sys 3092849 Mar 1 00:01 syslog.log.4
-rw-r--r-- 1 root sys 247459 Nov 21 00:01 syslog.log.4.gz
-rw-r--r-- 1 root sys 2993922 Feb 28 00:01 syslog.log.5
-rw-r--r-- 1 root sys 229038 Nov 20 00:01 syslog.log.5.gz
-rw-r--r-- 1 root sys 3373747 Feb 27 00:01 syslog.log.6
-rw-r--r-- 1 root sys 251639 Nov 19 00:01 syslog.log.6.gz
How to find that why the OLDsyslog.log has no entries, and instead how the six syslog.log files are available?
So I have two questions:
1.1)When (how many days once) the log are being transfered from syslog.log to OLDsyslog?
1.2)How to find that why the OLDsyslog.log has no entries, and instead how the six syslog.log files are available?
Solved! Go to Solution.
- Tags:
- syslog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-09-2010 07:09 AM
тАО03-09-2010 07:09 AM
SolutionHope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-09-2010 07:20 AM
тАО03-09-2010 07:20 AM
Re: Log management in HP-UX
Check your root cron jobs for something like 'logrotate'. If it is there then you can look at the logrotate script and configuration files to determine what it is doing.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-09-2010 07:25 AM
тАО03-09-2010 07:25 AM
Re: Log management in HP-UX
As per normal behaviour it doesn't goes by days, when ever syslogd demons has been restarted either by reboot or syslod deamon restarted it will automatically rename or move existing syslog.log to OLDsyslog.log and new "syslog.log" has been created.
>>1.2)How to find that why the OLDsyslog.log has no entries, and instead how the six syslog.log files are available?<<<
This realy depends on scripts which in the server which is creating "Six....etc. syslog"
HTH,
Johnson
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-09-2010 03:30 PM
тАО03-09-2010 03:30 PM
Re: Log management in HP-UX
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1412369
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-09-2010 07:58 PM
тАО03-09-2010 07:58 PM
Re: Log management in HP-UX
when ever the syslogd daemon are restarted ,, due to reboot or shutdown u will have oldsyslog.log...
if u have any test servers try to see the difference by rebooting or stopping syslogd daemon,,, but both entries will be in syslog.
regards
MC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-10-2010 07:02 AM
тАО03-10-2010 07:02 AM
Re: Log management in HP-UX
I have found following entries in /etc/syslog.conf file.
#############################################
mail.debug /var/adm/syslog/mail_log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
mail.alert /var/adm/syslog/mail_log
mark.debug /var/adm/syslog/mark_log
kern.info /var/adm/syslog/kern_log
user.info /var/adm/syslog/user_log
daemon.alert /var/adm/syslog/daemon_log
auth.info /var/adm/syslog/auth_log
lpr.info /var/adm/syslog/lpr_log
security.info /var/adm/syslog/security_log
#############################################
Could you please explain the purpose of each line in detail?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-10-2010 08:05 AM
тАО03-10-2010 08:05 AM
Re: Log management in HP-UX
However, 'man syslogd' should answer your questions.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2010 04:37 AM
тАО03-11-2010 04:37 AM
Re: Log management in HP-UX
I have learned some information about syslog.
The syslogd command reads and logs messages into a set of files described by the configuration file /etc/syslog.conf.
Normally only the log files available in /var/adm/syslog directory are configure in /etc/syslog.conf.
So if we stop the syslog daemon the log files available in /var/adm/syslog will not get updated. But all other logs (cron , sulog, automount log) will get updated, am i correct?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2010 05:05 AM
тАО03-11-2010 05:05 AM
Re: Log management in HP-UX
NO
syslog.log -> (for system related logs,but some normal entry will added for daemons like,crond,inetd,ftpd,automout...etc) but in details logging are printed for cron,su,automount, see below locattions).
cron log -> ( /var/adm/cron/log -> crontab
su log -> switch user logs (/var/adm/sulog)
automount log -> /var/adm/automount.log
so in-short all (cron,su,automount) have there own logging file,
so if restart "syslogd" you can see OLDSyslog.log & syslog.log will only updated not others.
HTH,
Regards,
Johnson
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2010 05:37 AM
тАО03-11-2010 05:37 AM
Re: Log management in HP-UX
# man syslogd
The syslogd command reads and logs messages into a set of files described by the configuration file /etc/syslog.conf.
Normally we have not configured any entries to log the activities of cron , sulog , wtmp and automount.log in /etc/syslog.conf.
1)so that, will it prevent from logging the activities of cron , sulog , wtmp and automount.log in to their respective log files?
2)If yes, why the files are not created like OLDcron.log, OLDautomout.log while restarting syslog?
3)If no, will no logs be created (syslog, cron , sulog, wtmp and etc.,) if we have stopped syslog?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2010 05:51 AM
тАО03-11-2010 05:51 AM
Re: Log management in HP-UX
becoz when you restart the "sylogd" as below, it will only created for OLDSyslog.log also syslogd -> dameons which writes its own information to "syslog.log" file, it should not write to OLDcron,OLDautomout.log
/sbin/init.d/syslogd stop
/sbin/init.d/syslogd start
Hope you can test above in any of your test servers. to clear doubts :)
Also you can refer to your posting
>>>I have found following entries in /etc/syslog.conf file.
#############################################
mail.debug /var/adm/syslog/mail_log
*.info;mail.none /var/adm/syslog/syslog.log
look at the syslog.conf file -> pointing to /var/adm/syslog/syslog.log
mail -> pointing to /var/adm/syslog/mail.log
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2010 07:01 AM
тАО03-11-2010 07:01 AM
Re: Log management in HP-UX
I have tested in my test server.
I would like to know whether the logs for cron , sulog, wtmp, automount.log will be created while syslogd is down.
So firs I have down the syslogd.
# /sbin/init.d/syslogd stop
syslogd stopped
After that no logs are created with in /var/adm/syslog/syslog.log but at the same time logs are being created in /var/adm/cron/log , /var/adm/sulog and /var/adm/wtmp.
So I come to conclusion that if we have stop the syslogd then it will not create any logs to the files available under /var/adm/syslog (all the files configured in /etc/syslog.conf) but at the same time other logs (cron, sulog, wtmp) will be created. am i correct because i want to double check with you?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2010 07:28 AM
тАО03-11-2010 07:28 AM
Re: Log management in HP-UX
No logs configured in syslog.conf will write when the syslogd daemon is down.
The data may be queued, you will have to test that.
But syslogd daemon is something you want up and running all the time.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2010 07:33 AM
тАО03-11-2010 07:33 AM
Re: Log management in HP-UX
All the activities of starting and stopping the services (like nfs.server and nfs.client) will be in to which file because just for testing i have stopped and started again nfs.server and nfs.client but no logs are created for this activity in /var/adm/syslog/syslog.log?
Could you please clarify me about what are the service will be logged while start and stop and which file?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2010 07:58 AM
тАО03-11-2010 07:58 AM
Re: Log management in HP-UX
All the activities of starting and stopping the services (like nfs.server and nfs.client) will be in to which file because just for testing i have stopped and started again nfs.server and nfs.client but no logs are created for this activity in /var/adm/syslog/syslog.log?
>>>
All services configured to be logged in syslog will be logged with start and stop messages. But it depends how the service is configured where and how they log. apache is not going to log in syslog at all. It has its own log.
This varies application to application.
>>>>
Could you please clarify me about what are the service will be logged while start and stop and which file?
How the service will be logged depends on two factors:
1) syslog.conf configuration.
2) How the service is written. NFS does log to syslog.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2010 11:00 AM
тАО03-11-2010 11:00 AM
Re: Log management in HP-UX
1)wtmp or wtmps
2)btmp or btmps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2010 11:01 AM
тАО03-11-2010 11:01 AM
Re: Log management in HP-UX
1)wtmp or wtmps
2)btmp or btmps
Since my HP-UX server is having both wtmp & wtmps and btmp & btmps.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2010 11:06 AM
тАО03-11-2010 11:06 AM
Re: Log management in HP-UX
> which one is correct? 1)wtmp or wtmps 2)btmp or btmps
If you have the "*s" named file on your server you're running 11.23 or later and that's the file that you want to analyze.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2010 11:09 AM
тАО03-11-2010 11:09 AM
Re: Log management in HP-UX
Just checked an 11.31 system.
They have both files but one one is active.
root@mngp01:/var/adm # ll wtmp*
-rw-rw-r-- 1 adm adm 11400 Feb 3 16:23 wtmp
-rw-rw-r-- 1 adm adm 144744 Mar 11 13:06 wtmps
-rw-r--r-- 1 root sys 280 Jan 8 16:50 wtmpx
root@mngp01:/var/adm # ll btmp*
-rw------- 1 root other 0 Mar 8 2009 btmp
-rw------- 1 root other 11084 Feb 25 17:04 btmps
The btmp on this file is zero bytes because almost nobody logs into it.
See the dates for which file is active.
Your mileage may vary on earlier releases of HP-UX.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-15-2010 05:24 AM
тАО04-15-2010 05:24 AM
Re: Log management in HP-UX
ll /var/adm/*.log
These files are not part of a standard syslog setup. What happens in syslog.log is controlled completely by the /etc/syslog.conf file. The facilities and levels of reporting are defined in that file.
There is nothing in standard HP-UX that will rotate the logs except a reboot (or more accurately, running the startup script
/sbin/init.d/syslog start
will move the current lof to OLDsyslog.log and start a new syslog.log.
As mentioned above, the other copies of syslog.log have been created by a custom script or program byu the previous administrator. Based on the time stamps, this is done at 1 minute after midnight so you'll likely find a script or program running at midnight that performs this task.
Also based on the files you see, the script has an error: in November, it rotated the logs and compressed them (*.gz) but in February and March, it did not compress them. So the script needs repair.
Also, your syslog.conf file creates a duplicate entry in syslog.log and each of these facility logs:
mark, kern, user, daemon, auth, lpr, security
And there is no security facility (see man 3c syslog). I think what you want is to remove noisy messages from syslog and move them to separate logs, like this:
# Use only tabs, not spaces
#
*.info;mail.none;local5.none;auth.none;user.none;lpr.none;daemon.notice;kern.notice /var/adm/syslog/syslog.log
#
mail.debug /var/adm/syslog/mail.log
local5.info /var/adm/syslog/ftpd.log
auth.info /var/adm/syslog/auth.log
daemon.info /var/adm/syslog/daemon.log
kern.info /var/adm/syslog/kern.log
lpr.info /var/adm/syslog/lpr.log
#
*.alert /dev/console
*.alert root
*.emerg *
I have rearranged the lines to make it a bit more readable. The first line states what will (and will not) go into syslog.log. So it says that:
-- All messages with info level or higher
-- No messages from mail, local, auth, user or local5
-- daemon and kern messages at notice level and higher
Then, each of next lines are facilities that are logged into different files. local5 is for ftp messages from ftpd.
The last 3 lines state that alert (and higher) are sent to /dev/console and all logged in root users, while emerg level messages are sent to all logged in users.
NOTE: The syslog.conf file is the only file in Unix that does not work with spaces!! Any line with a space anywhere on the line becomes a comment, so the file must look like this when you use cat -tv:
# cat -tv /etc/syslog.conf
*.info;mail.none;local5.none;auth.none;user.none;lpr.none;kern.notice;daemon.notice^I/var/adm/syslog/syslog.log
mail.debug^I/var/adm/syslog/mail.log
local5.info^I/var/adm/syslog/ftpd.log
auth.info^I/var/adm/syslog/auth.log
lpr.info^I/var/adm/syslog/lpr.log
user.info^I/var/adm/syslog/user.log
kern.info^I/var/adm/syslog/kern.log
daemon.info^I/var/adm/syslog/daemon.log
*.alert^I^I/dev/console
*.alert^I^Iroot
*.emerg^I^I*
The ^I is the tab character. If any line has a space, the entire line is silently ignored.
When you edit this file, use the vi command :set list to see the tabs as ^I.
One other change is for NTP (Network Time Protocol). The default is to log to syslog but it doesn't have its own facility name, so I change /etc/rc.config.d/netdaemons to start xntpd with the option: -l /var/adm/ntp.log:
export NTPDATE_SERVER=us.pool.ntp.org
export XNTPD=1
export XNTPD_ARGS="-l /var/adm/ntp.log"
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-15-2010 05:51 AM
тАО04-15-2010 05:51 AM
Re: Log management in HP-UX
I take issue with a few things:
I am new to HP-UX.
You really aren't so new any more. You have been posting questions here for quite some months. I assume the solutions you are getting are sticking and effective or you would not come back.
Logrotate is available for HP-UX. It is very old and cranky and does not do a terrific job.
Your system has the looks of having logroate run on it, which can be done with the depot or a series of scripts home grown.
Looks like a bit of hacking was done on the standard syslog configuration as well. Look there and you will find variances with other hpux systems you have available to you.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-15-2014 02:53 AM
тАО07-15-2014 02:53 AM
Re: Log management in HP-UX
where do we find oldsyslog.log
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-15-2014 02:58 AM
тАО07-15-2014 02:58 AM
Re: Log management in HP-UX
Hope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!
