HPE Community
Operating System - HP-UX
1834804 Members
3036 Online
110070 Solutions
New Discussion

Re: messages to syslog

 
Shelley_8
New Member

‎05-28-2003 03:43 AM

‎05-28-2003 03:43 AM

messages to syslog

Hi.

We are using Tivoli to monitor our HPs.
We are looking for somewhere to get the syntax of the messages sent to the syslog by the OS.
For example: hardware problems, lvm, kernel etc. We need this for filtering and parsing the messages, so that the admin at the Tivoli console will get the important and focused info. If anyone knows where we can get stuff like this, or has written rules for parsing events sent to the syslog - we would love to know.

Thanks, Shelley.
0 Kudos
Reply
9 REPLIES 9
Pete Randall
Outstanding Contributor

‎05-28-2003 03:45 AM

‎05-28-2003 03:45 AM

Re: messages to syslog

Shelley,

Doesn't Tivoli have this type of information? With the price of Tivoli, I would expect them to help you get things set up, too.


Pete

Pete
0 Kudos
Reply
V. V. Ravi Kumar_1
Respected Contributor

‎05-28-2003 03:49 AM

‎05-28-2003 03:49 AM

Re: messages to syslog

Hi,
run syslogd with -d option, it runs in debugging mode, where u can watch the facility and priorities.

hope this link may help u.
http://userpages.umbc.edu/~jack/ifsm498d/syslog.html

Regards
Never Say No
0 Kudos
Reply
Jarle Bjorgeengen
Trusted Contributor

‎05-28-2003 03:51 AM

‎05-28-2003 03:51 AM

Re: messages to syslog

Absolutely agree.

Tivoli should have some doc on how to parse log files, and the syntax to tell the agents what to look for in the logs.

Rgds Jarle
0 Kudos
Reply
Paddy_1
Valued Contributor

‎05-28-2003 04:54 AM

‎05-28-2003 04:54 AM

Re: messages to syslog

I believe you are looking for sending messages to the syslog and hence the syntax question.

Try using /usr/sbin/logger.

The logger command provides a shell command interface to the syslogd daemon.


man logger for more info and see if this helps
The sufficiency of my merit is to know that my merit is NOT sufficient
0 Kudos
Reply
Mark Greene_1
Honored Contributor

‎05-28-2003 06:03 AM

‎05-28-2003 06:03 AM

Re: messages to syslog

See man 3 syslog for the format info. The C includes used are listed there.

HTH
mark
the future will be a lot like now, only later
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎05-28-2003 06:07 AM

‎05-28-2003 06:07 AM

Re: messages to syslog

The basic format (ie, date/time, host, message) is well defined although syslogd -v will add an additional field that shows the facility and priority. However, the message portion is not defined by syslogd but by the program that called syslogd and that means hundreds to thousands of different messages, all unique to the source program.

In general, you'll need to watch the syslog.log file for a while and setup rules based on what you see. And of course, the existence of some messages is controlled by /etc/syslog.conf which can cause some low importance messages to be ignored. Use logger to test how syslog.conf is working.

As mentioned, Tivoli is a very expensive monitoring system and their support should provide lots of templates and recommendations for syslog rules.


Bill Hassell, sysadmin
0 Kudos
Reply
Shelley_8
New Member

‎05-28-2003 11:00 PM

‎05-28-2003 11:00 PM

Re: messages to syslog

Thank you everyone for answering, but I'm looking for something else. How to parse the events in general we know. But to parse the actual message (not just "date lvm: message" for example) we need the syntax of the messages sent. These come from the HP programs that send these messages. I'm sure somewhere in HP they know what they send...

For example:
I would like to get a message about
"... vmunix: ... vx_nospace ... file system full ..."
but I wouldn't like to get ALL messages that start with "vmunix:". To do this I'd have to know the exact syntax of the message sent (file system full). I can wait and collect each time a message gets to the syslog... But if I could get some kind of mapping for all messages that HP send to the syslog (or at least some) that would be very helpful.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎05-29-2003 05:03 AM

‎05-29-2003 05:03 AM

Re: messages to syslog

No such list exists. The best you can do is to run the strings command on all the daemons and subsystem components. And the real problem is that the messages are a moving target. A new patch or revision may change the format of the message. Although syslog calls do have the option to display the source program, some ignore the option and just appear in syslog. This is often common with 3rd party application programs.

Probably the easiest method is to create a syslog filter script that ignores uninteresting and currently tagged messages and shows the rest. As you add rules to the Tivoli code, change the filter program to ignore those messages and you'll get just the ones that need a decision.


Bill Hassell, sysadmin
0 Kudos
Reply
Rick Connelly_2
New Member

‎05-29-2003 11:40 AM

‎05-29-2003 11:40 AM

Re: messages to syslog


Shelley, you should be able
to use some sort of regular
exprssion matching, even
if it's a simple as

*vmunix*

I do the same monitoring
with perl scripts.
You should be able to scan
through syslog.log for any
entry that contains "vmunix"
and page out immediately

To prevent all of the boot
entries from paging, I added the following to my boot scripts

perl -p -i -e 's/vmunix/Vmunix' /var/adm/syslog/syslog.log

This modifies all boot up entries, so you don't page for
startup messages.

But every monitoring tool that I have seen, does this easily
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.