HPE Community
Operating System - HP-UX
1834484 Members
3956 Online
110067 Solutions
New Discussion

logs to check

 
SOLVED
Go to solution
bond007
Advisor

‎01-31-2006 07:31 PM

‎01-31-2006 07:31 PM

logs to check


Hello,

Iam new to HP Unix, could you please suggest the various logs to check in a HP unix server for diagnoizing problems/performance.

Thanks in advance,

Bond.
0 Kudos
Reply
13 REPLIES 13
Tomek Gryszkiewicz
Trusted Contributor

‎01-31-2006 07:36 PM

‎01-31-2006 07:36 PM

Solution

Re: logs to check

The most important are in /var/adm/ and also in root's mail
Reply
MarkSyder
Honored Contributor

‎01-31-2006 07:36 PM

‎01-31-2006 07:36 PM

Re: logs to check

Daily checks:

cd /var/adm
ll btmp (bad login attempts - check in case of people trying to hack into your system)
ll sulog (switch-user log - check in case it grows large and takes up too much space)
ll wtmp (successful user logins)

ll cron (scheduled jobs - log may grow large)
ll lp (print log - may grow large)

cd syslog
ll

Check the size of mail.log in case it grows large.

grep -Ei "warning|error" syslog.log - check for problems in the system log. You may like to read syslog.log to see what (if anything) is going wrong.

Trim syslog.log via SAM every day so you're not reading the same errors the next day.

Mark Syder (like the drink but spelt different)
The triumph of evil requires only that good men do nothing
Reply
Muthukumar_5
Honored Contributor

‎01-31-2006 07:41 PM

‎01-31-2006 07:41 PM

Re: logs to check

Primary log is,

1) /var/adm/syslog/syslog.log

it may differ based on /etc/syslog.conf

2) dmesg

which is more important.

3) /var/adm/

directory is containing different logs.

--
Muthu
Easy to suggest when don't know about the problem!
Reply
Sivakumar TS
Honored Contributor

‎01-31-2006 07:42 PM

‎01-31-2006 07:42 PM

Re: logs to check


Dear bond,

The /var/adm/syslog/syslog.log has the current log and

/var/adm/syslog/OLDsyslog.log has the previous boot error log.

With Regards,

Siva.
Nothing is Impossible !
Reply
Asif Sharif
Honored Contributor

‎01-31-2006 07:53 PM

‎01-31-2006 07:53 PM

Re: logs to check

Hi,
you can check these logs on periodic basics.

#ll /var/adm
#dmesg
#tail -100f /var/adm/wtmp
#tail -100f /var/adm/btmp
#tail -100f /var/adm/syslog/syslog.log
#tail -100f /var/adm/cron/log
#tail -100f /var/adm/syslog/mail.log

Regards,
Asif Sharif

Regards,
Asif Sharif
Reply
MarkSyder
Honored Contributor

‎01-31-2006 08:01 PM

‎01-31-2006 08:01 PM

Re: logs to check

I would caution against tail -f on these files. This is a dynamic command: i.e. you will see entries as they are added. tail -100f syslog.log will show you errors that have taken place in the last 100 lines and new errors as they happen. What if you had a system error that is 101 lines back in the syslog?

Furthermore, btmp and wtmp are data files, so tail is of limited value on them.

Mark
The triumph of evil requires only that good men do nothing
0 Kudos
Reply
Chan 007
Honored Contributor

‎01-31-2006 08:20 PM

‎01-31-2006 08:20 PM

Re: logs to check

Bond007,

Startup log - /etc/rc.log - provides information regarding system boot related messages.

System log (Provides most of the information) - /var/adm/syslog/syslog.log

Check Dmesg

Check Sulog, wtmp etc from secutiry side.

Chan
0 Kudos
Reply
Sivakumar TS
Honored Contributor

‎01-31-2006 08:29 PM

‎01-31-2006 08:29 PM

Re: logs to check

Dear bond,

You can also login to MP and get the logs

forward process log
error log

etc.

With Regards,

Siva.
Nothing is Impossible !
Reply
Bharat Katkar
Honored Contributor

‎01-31-2006 08:32 PM

‎01-31-2006 08:32 PM

Re: logs to check

Would like to add two more:

1. /etc/shutdownlog
2. /var/adm/sw

First one tells you the reason for shutdown and the second one contains different log files for SDUX (Software Management).

Regards,

You need to know a lot to actually know how little you know
0 Kudos
Reply
Indrajit_1
Valued Contributor

‎02-01-2006 06:30 AM

‎02-01-2006 06:30 AM

Re: logs to check

Hi;

#dmesg
#cat /var/adm/syslog/syslog.log
#strings /var/adm/wtmp
#strings /var/adm/btmp
#cat /etc/shutdownlog

etc...


Cheers
Indrajit
Never Ever Give Up
0 Kudos
Reply
Sivakumar TS
Honored Contributor

‎02-13-2006 08:34 PM

‎02-13-2006 08:34 PM

Re: logs to check

Hi Bond,

If the machine has STM installed, then you may run cstm --> logtool and collect the event logs.

With Regards,

Siva.
Nothing is Impossible !
Reply
Steven E. Protter
Exalted Contributor

‎02-13-2006 09:18 PM

‎02-13-2006 09:18 PM

Re: logs to check

Shalom bond,

#tail -100f /var/adm/wtmp
#tail -100f /var/adm/btmp

Won't work.

These two files store data in a binary format.

To get meaningful output you should use the last and lastb commands.

To get useful output from these raw files the output needs to be run through strings command.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
shridhar_1
Frequent Advisor

‎02-13-2006 10:37 PM

‎02-13-2006 10:37 PM

Re: logs to check



hi bond

more /var/adm/syslog/syslog.log | grep -i error

more .....| grep -i warn
more ///sylo... | grep -i fail

last -R | more

dmesg

/var/mail/root


hth

shri
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.