Re: syslog does wierd things

Donny Jekels · ‎03-31-2003

ok,

I am running 11.0 and syslog config is below.

# cat /etc/syslog.conf
# @(#) $Revision: 74.1 $
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
# Date of changes : 03/23/2003
#
# Route all messages to central log server for processing
# this is the log server
# *.emerg;*.alert;*.crit;*.error;*.warning;*.notice;*.info;*.debug @someserver

# the next line is the standard for all none log servers
#*.info;mail.none;*.alert;*.emerg /var/adm/syslog/syslog.log
*.emerg;mail.none;*.alert;*.crit;*.error;*.warning;*.notice;*.info;*.debug /var/adm/syslog/syslog.log

#
# mail debug log file
#
mail.debug /var/adm/syslog/mail.log

#
# send alerts to root's email account and flush to console
#
*.alert root
*.alert /dev/console

===================
that is the syslog.conf

my dirs - var/adm/syslog permissions are fine and they belong to bin:bin

when I restart syslog, the syslog.log file appears in the /var/adm/syslog directory but with permissions r------- (400) for syslog.log.

and although the file is listed,

when I want to tail it I get this.
------
# tail -f /var/adm/syslog/syslog.log
tail: cannot open input
error: No such file or directory on file /var/adm/syslog/syslog.log
#

and nothing seem to be going in the file.
is there a patch for this condition?

------

"Vision, is the art of seeing the invisible"

Ross Zubritski · ‎03-31-2003

My perms are as follows:

-rw-r--r-- 1 root root 50003 Mar 31 11:53 syslog.log

Regards,

RZ

Donny Jekels · ‎03-31-2003

RZ,

I reset them manually to 644 and when I restart syslogd they go back to 400, then I cna't access the file.

"Vision, is the art of seeing the invisible"

S.K. Chan · ‎03-31-2003

Take a look at /sbin/init.d/syslogd, I believe the permission or syslog.log is set here (using umask statement) everytime syslogd is invoked. All you have to do is add a chmod line to change it to 644 when syslogd starts up. I recall a similar thread about this, you may want to search the forum with syslog.log+permission keyword.

Ross Zubritski · ‎03-31-2003

Here is mine:

mask=`umask`
umask 022
> /var/adm/syslog/syslog.log
umask $mask

Donny Jekels · ‎03-31-2003

I have this same, in my syslogd file.

I added chmod and chown. but for some reason the perm gets over written. to 400

"Vision, is the art of seeing the invisible"

Tom Maloy · ‎03-31-2003

Do you have some other package running that monitors system files and permissions and RESETS them to what it thinks is correct?

Carpe diem!

Donny Jekels · ‎03-31-2003

hmm. not that I know of but it is a trusted system.

"Vision, is the art of seeing the invisible"

Michael Steele_2 · ‎03-31-2003

The path to syslog.log can be redirected to any location in /etc/syslog.conf.

Default:

CURRENT SYSLOG.CONF file.

*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *

Can be changed to:

*.info;mail.none /var/adm/syslog.log

-oro

*.info;mail.none /tmp/syslog.log

...for example.

In fact, I've seen Solaris guys come over to HP and do this.

Support Fatherhood - Stop Family Law

Michael Steele_2 · ‎03-31-2003

What does your /sbin/init.d have for syslog?

cd /sbin/init.d
grep -i syslog *

Is the path /var/adm/syslog/syslog.log hard coded into any startup stripts?

Support Fatherhood - Stop Family Law

Michael Steele_2 · ‎03-31-2003

Run check_patches or swverify to check your system for corruption;

check_patches

-or-

swverify -v -x check_permissions=true \*

Note the swverify and swagent.log.

Also check your /etc/syslog.conf file for tabs, spaces or other control characters. Maybe even copy the default over from /usr/newconfig/etc/syslog.conf and remake it from scratch.

Support Fatherhood - Stop Family Law

Donny Jekels · ‎03-31-2003

M. Frederick,

WHen I sourced the fresh config in, everything worked.

however when I added the line

*.emerg;mail.none;*.alert;*.crit;*.error;*.warning;*.notice;*.info;*.debug /var/adm/syslog/syslog.log

the same error occured.

is this the correct method to log everything?

"Vision, is the art of seeing the invisible"

Jon Finley · ‎03-31-2003

No... You place the lowest level of messages you desire to see.

*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *

The above is a standard config that will display informational messages on up to Emergency messages to the log file, plus root will receive alert level and higher, and everyone will receive emergency and higher.

So if you only wanted to redirect alerts and higher, you would state:
*.alert;mail.none /var/adm/syslog/syslog.log

Jon

"Do or do not. There is no try!" - Yoda

Donny Jekels · ‎04-01-2003

Thanks all for your help!

Donny

"Vision, is the art of seeing the invisible"

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: syslog does wierd things

syslog does wierd things