Rene Sesink
Occasional Contributor

managing the syslog file

How do I manage to get ftp messages and nfs messages out of my syslog file and into their own logfiles? It has to do something with the syslog.conf file, that much I know, but what syntaxes I have to use and why I can't fathom.

After getting through piles of calls in the solution database of HP, I thought let's try the forums.

So if there's anyone out there who can help I would appreciate it. 8)
eran maor
Honored Contributor

Re: managing the syslog file

Hi

Please look at this doc.
The easy way is to do a man on the syslog.conf file.

Here is the doc.

Have you ever seen a message in /var/adm/syslog/syslog.log and wished that
something special could be done when it occurs? The messages in the syslog.log
file are written by the syslogd(1m) daemon. Syslogd is started at boot up and
can be configured to handle messages differently.

Syslogd reads and logs messages into a set of files described by the
configuration file /etc/syslog.conf. The syslog.conf file can be configured by
the system administrator to do special handling for messages. Messages can be
routed to a logfile, another host, the terminals of specified users or sent to
all users.

Messages are identified by facility and level. If special handling is desired
for a message that is already being routed to syslog the facility and level of
the message must be identified. This can be accomplished by running syslogd in
debug mode.

Run syslog in debug mode by killing the running syslogd daemon and starting it
with /usr/sbin/syslogd -d. This will result in a continuous scrolling
display to the terminal syslogd was just started from.

Look at the "pri" field in the output that scrolls to the screen. The first
character is the facility and the second is the level. The file
/usr/include/syslog.h contains the translations for the fields.

Let's say the following syslogd debug output shows the message in question.

got a message (1, 0x8)
logmsg: pri 47, flags 0, from nitro, msg Apr 10 09:56:55 : LOGIN:
pam_authenticate error
readfds = 0x68 0x3 0x5 0x6

The facility is 4 so it corresponds to the following line in
/usr/include/syslog.h:

#define LOG_AUTH (4<<3) /* security/authorization messages */

The facility for this message is "auth". The level is 7 which equates to
"debug". This was determined from the following line in syslog.h:

#define LOG_DEBUG 7 /* debug-level messages */

Kill syslogd from another terminal and restart it without the "-d" option to
stop the scrolling display.

Once the facility and level of the message has been found it is just a matter
of configuring /etc/syslog.conf. For information on making the modifications
refer to the man page for syslogd(1M) but here is a quick example.

To route the message above to an additional file add the following lines to the
syslog.conf file:

auth.debug /var/adm/authrequests.log
auth.debug /var/adm/syslog/syslog.log

Now, just have syslogd reread its configuration file to put the changes in
effect. Use the following command:

kill -HUP `cat /var/run/syslog.pid`

NOTE: The fields are separated by tabs and not spaces. If spaces are included it
won't work.

The logger(1) command can be useful for testing the modifications.

The following example shows how to direct messages to a file other than
syslog.log.

First, add "user.none" to the line in syslog.conf that directs messages to
syslog.log. This prevents any messages with facility "user" from being written
to syslog.log.

*.info;mail.none;user.none /var/adm/syslog/syslog.log

Second, add a line to syslog.conf to send the messages to another file.
This "user.info" line causes all facility "user" messages with a level greater
than or equal to "info" to be logged to syslog.notice. The only level lower
than info is debug.

user.info /var/adm/syslog/syslog.notice
love computers
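The procedure in the doc above (read the "pri" field from syslogd -d, map it through the facility<<3 | level encoding in syslog.h, then write a tab-separated syslog.conf line) as an added example in Python; this is not code from the thread or from HP. The facility and level name tables are assumed to match the standard syslog.h values, and the debug line is a constructed sample.

```python
# Added example (not from the thread): decode a syslogd -d "pri" value using
# the facility<<3 | level encoding from /usr/include/syslog.h, build a
# syslog.conf selector line, and flag lines that use spaces instead of a tab.
import re

# Facility codes are pri >> 3 (e.g. LOG_AUTH is (4<<3)); assumed standard names.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
              16: "local0", 17: "local1", 18: "local2", 19: "local3",
              20: "local4", 21: "local5", 22: "local6", 23: "local7"}
# Level is pri & 7 (LOG_EMERG 0 ... LOG_DEBUG 7).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"logmsg: pri (\d+),")

# Constructed sample of a syslogd -d line (pri 39 == (4<<3)|7 == auth.debug).
SAMPLE_DEBUG_LINE = "logmsg: pri 39, flags 0, from nitro, msg LOGIN: pam_authenticate error"


def decode_pri(pri):
    """Split a numeric priority into (facility name, level name)."""
    return FACILITIES[pri >> 3], LEVELS[pri & 7]


def pri_from_debug_line(line):
    """Pull the pri field out of a 'logmsg: pri N, ...' line and decode it."""
    m = PRI_RE.search(line)
    if not m:
        raise ValueError("no pri field in: " + line)
    return decode_pri(int(m.group(1)))


def selector_line(facility, level, target):
    """Build a syslog.conf line; selector and action must be TAB separated."""
    return f"{facility}.{level}\t{target}"


def check_conf(text):
    """Return (line number, line) for non-comment lines with no tab in them,
    which syslogd will not honour (see the NOTE about tabs vs. spaces)."""
    bad = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if "\t" not in line:
            bad.append((n, line))
    return bad


if __name__ == "__main__":
    fac, lvl = pri_from_debug_line(SAMPLE_DEBUG_LINE)
    print(selector_line(fac, lvl, "/var/adm/authrequests.log"))
```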
Steven E. Protter
Exalted Contributor

Re: managing the syslog file

You can modify /etc/inetd.conf

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l

The ftp line displayed above can be changed to reduce logging. I think removing the -l will reduce ftp logging. Someone should verify this, I can't play with my servers today and check the logging.

Having this logging information is kind of important from a security standpoint. If there is unauthorized ftp or nfs access from within the organization or without, the syslog file is important.

What you could do is have cron regularly archive the file out to another filesystem and reset it. Our cron schedule does it once a week, otherwise the file becomes unmanageably large.

inetd -k will kill the inet daemon, followed by an inetd -c to restart it. You might be able to skip the first step. Again, one of my colleagues should confirm this.

Steve
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Jose Mosquera
Honored Contributor

Re: managing the syslog file

Hi,

In the ftp case on HP-UX 11 you can **add** the "-l" option inside the /etc/inetd.conf file in the ftp service definition, i.e.:

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -any_other_options

After this change you must reload the Internet daemon with the command: #inetd -c

This means that any ftp activity will be logged inside /var/adm/syslog/xferlog. This depends on the "log transfers" definition inside /etc/ftpd/ftpaccess. For more info "man ftpaccess". This is a direct consequence of activating the wu_ftp implementation, whose main characteristic is to reinforce the security of the ftp service.

In HP-UX 10.20 wu_ftpd is not shipped by default on the hosts; you must first download it from an HP port and then configure it.

Rgds.