HPE Community
Operating System - HP-UX
1838606 Members
3041 Online
110128 Solutions
New Discussion

rotating syslog

 
Eric Hess
Advisor

‎10-14-2002 06:49 AM

‎10-14-2002 06:49 AM

rotating syslog

Anyone have a good working script for rotating syslog. And find the 20 largest files in a directory. Scripting is not my strong point.
I didn't do it. He did!
0 Kudos
Reply
8 REPLIES 8
Robert Gamble
Respected Contributor

‎10-14-2002 06:53 AM

‎10-14-2002 06:53 AM

Re: rotating syslog

To rotate the syslog after reboots without overwriting older logs:

1.Make a back up copy of the /sbin/init.d/syslogd file in a temporary location.
2.Edit the file /sbin/init.d/syslogd
# vi /sbin/init.d/syslogd
3.Locate the line for the ???start??? case. Inside the logic for the start case, there should be a command line of the form
mv /var/adm/syslog/syslog.log /var/adm/syslog/OLDsyslog.log
4.Change this line to
mv /var/adm/syslog/syslog.log /var/adm/syslog/OLDsyslog.log.`date +%b%d%Y_%H%M`
5.Save the file
:wq!
6.During the next reboot, verify that the previous syslog.log in the /var/adm/syslog directory is being backed up as OLDsyslog.log.MDY_HM and not as OLDsyslog.log, where M is the abbreviated month name, D is the date, Y is the year in century format, H is the hour (in 24 hour format) and M is the minute.
7.During multiple reboots, the old syslog files will thus be saved separately each time and not get overwritten. The /var filesystem must therefore be watched for disk space usage over a period of time.

This concludes the task for changing the /sbin/init.d/syslogd file to save old syslog.log files over multiple reboots.

Backout:
1.Restore the /sbin/init.d/syslogd file from the temporary location where it was stored in Step 1 of the above Procedure.
2.During a subsequent reboot of the server, verify that /var/adm/syslog.log is being backed up as /var/adm/syslog/OLDsyslog.log.
0 Kudos
Reply
Ian Dennison_1
Honored Contributor

‎10-14-2002 06:54 AM

‎10-14-2002 06:54 AM

Re: rotating syslog

20 largest files,

ll |sort -r -k5,5 |head -n 20

Share and Enjoy! Ian
Building a dumber user
0 Kudos
Reply
Tibi Baraboi_1
Advisor

‎10-14-2002 06:58 AM

‎10-14-2002 06:58 AM

Re: rotating syslog

For rotating syslogs you must use logrotate . It is a product designed for this.

For finding the bigger 20 files in a directory :

ll /your/directory | sort -r -k 5 | awk -v i=20 '{ if ( i>0 ) print $0 ; i=i-1 }'

Regards,
Tibi Baraboi
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎10-14-2002 07:05 AM

‎10-14-2002 07:05 AM

Re: rotating syslog

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/logrotate-2.5/


live free or die
harry
Live Free or Die
0 Kudos
Reply
Jordan Bean
Honored Contributor

‎10-14-2002 12:02 PM

‎10-14-2002 12:02 PM

Re: rotating syslog


I like to break up the syslog facilities into separate log files. The syslog.conf will look like this:

kern.debug /var/adm/syslog/kern.log
user.debug /var/adm/syslog/user.log
mail.debug /var/adm/syslog/mail.log
daemon.debug /var/adm/syslog/daemon.log
auth.debug /var/adm/syslog/auth.log
syslog.debug /var/adm/syslog/syslog.log
lpr.debug /var/adm/syslog/lpr.log
news.debug /var/adm/syslog/news.log
uucp.debug /var/adm/syslog/uucp.log
cron.debug /var/adm/syslog/cron.log
local0.debug /var/adm/syslog/local0.log
local1.debug /var/adm/syslog/local1.log
local2.debug /var/adm/syslog/local2.log
local3.debug /var/adm/syslog/local3.log
local4.debug /var/adm/syslog/local4.log
local5.debug /var/adm/syslog/local5.log
local6.debug /var/adm/syslog/local6.log
local7.debug /var/adm/syslog/local7.log
*.emerg *
*.alert root

I use a posix shell script to locate each log file in a specified directory, move it into a date structured tree (.../OLD/facility/YYYY/MM/DD.HHMMSS), touch a new log file, and send SIGHUP to syslogd when all files have been rotated. The script is attached. It is run by root cron one minute before midnight every day.
0 Kudos
Reply
Anonymous
Not applicable

‎10-15-2002 12:29 AM

‎10-15-2002 12:29 AM

Re: rotating syslog

20 biggest files:

big:
#!/sbin/sh
du -sk $1 | sort -rn | head -20
#The End.

example:
$ big *og*
10611 XtermLog.23068
4845 XtermLog.16187
3583 XtermLog.20340
2898 XtermLog.01600
369 XtermLog.24973
330 XtermLog.23379
...

0 Kudos
Reply
Clemens van Everdingen
Honored Contributor

‎10-15-2002 12:33 AM

‎10-15-2002 12:33 AM

Re: rotating syslog

Hi,

See on this link:
http://www.introcomp.co.uk/examples/index.html

lots of examples.

C.
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
0 Kudos
Reply
Phillip Renner
Advisor

‎10-15-2002 09:32 AM

‎10-15-2002 09:32 AM

Re: rotating syslog

Here's what I run in a weekly script. It copies the syslog file to a weekly file and zero's out the syslog.log. I would recommend against moving the syslog.log as in my experience the syslogd will start copying to the place where you moved the syslog.log to.

datetest=`date +%A`
date=Friday
if [[ $datetest = $date ]]
then
cp /var/adm/syslog/syslog.log /var/adm/syslog/syslog.log`date '+%d.%m.%y_%H:%M'`
>/var/adm/syslog/syslog.log
echo "-------------The syslog has been moved and reduced------------------" >> datafile
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.