HPE Community
Operating System - HP-UX
1834163 Members
2742 Online
110064 Solutions
New Discussion

Re: syslog for 60 days

 
SOLVED
Go to solution
Ravi_8
Honored Contributor

‎12-26-2002 10:21 PM

‎12-26-2002 10:21 PM

syslog for 60 days

Hi, all

when i looked into OLDsyslog.log file of all systems it has the logs till last boot and syslog.log from the last boot. Now my question is how to keep the logs for 60 days irrespective of boots

Thank u all
never give up
0 Kudos
Reply
17 REPLIES 17
RAC_1
Honored Contributor

‎12-26-2002 10:36 PM

‎12-26-2002 10:36 PM

Re: syslog for 60 days

Everytime the system is started the syslog is move to OLDsyslog.log and new one started.

I just looked at syslogd in /sbin/init.d directory.

That says no changes in this file. The other way I can think of is putting a script in sbin/init.d and links in respective rc levels in such a way that it checks for syslog.log file then renames it. this way we can control syslog.log file moved. and at the same time syslogd daemon will be able to keep two files. OLDsyslog.d and syslog.log.

No idea on how I would start the script before syslogd starts.
There is no substitute to HARDWORK
0 Kudos
Reply
RAC_1
Honored Contributor

‎12-26-2002 10:41 PM

‎12-26-2002 10:41 PM

Re: syslog for 60 days

Everytime the system is started the syslog is move to OLDsyslog.log and new one started.

I just looked at syslogd in /sbin/init.d directory.

That says no changes in this file. The other way I can think of is putting a script in sbin/init.d and links in respective rc levels in such a way that it checks for syslog.log file then renames it. this way we can control syslog.log file moved. and at the same time syslogd daemon will be able to keep two files. OLDsyslog.d and syslog.log.

No idea on how I would start the script before syslogd starts.
There is no substitute to HARDWORK
0 Kudos
Reply
RAC_1
Honored Contributor

‎12-26-2002 10:45 PM

‎12-26-2002 10:45 PM

Re: syslog for 60 days

sorry for three replies.

Problem with accessing internet.
There is no substitute to HARDWORK
0 Kudos
Reply
Ralph Grothe
Honored Contributor

‎12-27-2002 01:37 AM

‎12-27-2002 01:37 AM

Re: syslog for 60 days

Why don't you roll your own log rotation scheme for /var/adm/syslog/syslog.log?

I think all that should be required is to send syslogd a SIGHUP to restart system logging.
Thus I would think you could do something like


gzip -c /var/adm/syslog/syslog.log > /var/adm/syslog/syslog_till_$(date +%Y%m%d).gz
> /var/adm/syslog/syslog.log && kill -s 1 $(cat /var/run/syslog.pid)

put something similar (better more eleborate) in a script and have it run through cron at your rotation intervall
Madness, thy name is system administration
0 Kudos
Reply
Ralph Grothe
Honored Contributor

‎12-27-2002 01:43 AM

‎12-27-2002 01:43 AM

Re: syslog for 60 days

Sorry,

I was deviating, and didn't answer your question.

I think (though this may be not good practice) you will have to modify this line here

# grep mv /sbin/init.d/syslogd
mv /var/adm/syslog/syslog.log /var/adm/syslog/OLDsyslog.
log


And do the move instead through your own rotation scheme at wanted intervalls.
Madness, thy name is system administration
0 Kudos
Reply
Rajeev Shukla
Honored Contributor

‎12-27-2002 01:44 AM

‎12-27-2002 01:44 AM

Re: syslog for 60 days

Hi,
true when ever the system is booted the syslog gets coppied to Oldsyslog and a new syslog file starts.
To save these files write a housekeeping script which copies the syslog everyday to a file with date stamp.
Something like syslog25MonDec.
and empty the syslog file. Keep files only for 60 days and delete rest.
You you need more info on how to write that script let me know.

Cheers
Rajeev
0 Kudos
Reply
Leif Halvarsson_2
Honored Contributor

‎12-27-2002 02:08 AM

‎12-27-2002 02:08 AM

Re: syslog for 60 days

Hi
I think this is possible.

In the file /sbin/init.d/syslog is a line:
mv /var/adm/syslog/syslog.log /var/adm/syslog/OLDsyslog.log
Comment out this line.

Write a cron script that copy the syslog.log file to OLDsyslog.log and reset syslog.log

cp /var/adm/syslog/syslog.log /var/adm/syslog/OLDsyslog.log
>/var/adm/syslog/syslog.log

Run this script once evry second month.

0 0 1 1,3,5,7,9,11 * /
0 Kudos
Reply
Ravi_8
Honored Contributor

‎12-27-2002 02:10 AM

‎12-27-2002 02:10 AM

Re: syslog for 60 days

Hi, rajeev

I can't do moving files manually on over 100 HP machines that we have. I need automate the process
never give up
0 Kudos
Reply
Rajeev Shukla
Honored Contributor

‎12-27-2002 02:15 AM

‎12-27-2002 02:15 AM

Re: syslog for 60 days

Thats why i am saying Ravi. Write a script, put it in the cron and forget it. It will copy the cron to another file at midnight, trim the original syslog to 0 and then search for files older that 60 days and delete them its so simple.
Use cron dont do things manually


Rajeev
0 Kudos
Reply
Ravi_8
Honored Contributor

‎12-27-2002 03:05 AM

‎12-27-2002 03:05 AM

Re: syslog for 60 days

Hi, Leif and rajeev

commented that line in syslogd file under /sbin/init.d and made a crontab entry.
but after reboot syslogd daemon is not starting
never give up
0 Kudos
Reply
Marco Santerre
Honored Contributor

‎12-27-2002 03:05 AM

‎12-27-2002 03:05 AM

Re: syslog for 60 days

I would probably go the cron route myself. But the one thing to keep in mind is to shut down the syslogd daemon first before you move your files around. The reason for this is that the syslogd will create the syslog.log file on its own and attach itself to it, so if you copy the syslog.log without stopping the daemon first, the daemon will be all screwed trying to write to your OLDsyslog.log after you've copied it. Now the bad part about this, is for the time you will stop your daemon, you won't record anything into your syslog.
Cooperation is doing with a smile what you have to do anyhow.
0 Kudos
Reply
Rajeev Shukla
Honored Contributor

‎12-27-2002 03:16 AM

‎12-27-2002 03:16 AM

Solution

Re: syslog for 60 days

Ravi There is no need of commenting the line in /sbin/init.d/syslogd
and neither do move the file /var/adm/syslog/syslog.log. always copy this file to /var/adm/syslog/syslog.log.DATE through a some script called by cron and then trim the syslog.log to zero by just doing > syslog.log.

With this method you have syslog of each day saved and you dont need to bring down the syslogd demon also.

Cheers
Rajeev
Reply
Leif Halvarsson_2
Honored Contributor

‎12-27-2002 03:41 AM

‎12-27-2002 03:41 AM

Re: syslog for 60 days

Hi,
Sorry, you actually has to comment out all the following lines.

if [ -f /var/adm/syslog/syslog.log ]; then
# mv /var/adm/syslog/syslog.log /var/adm/syslog/OLDsyslog.log
# mask=`umask`
# umask 022
# > /var/adm/syslog/syslog.log
# umask $mask
# fi

I tested this on one of our systems, the syslogd starts after rebooting and the boot messages are appended to the syslog.log file (no new file is created).
Reply
Leif Halvarsson_2
Honored Contributor

‎12-27-2002 03:43 AM

‎12-27-2002 03:43 AM

Re: syslog for 60 days

Sorry again,
I have problems with cut and paste. The line

if [ -f /var/adm/syslog/syslog.log ]; then

should of course be commented out too.
Reply
Ravi_8
Honored Contributor

‎12-27-2002 04:04 AM

‎12-27-2002 04:04 AM

Re: syslog for 60 days

Hi,
by adding few lines in syslogd file solved my problem. here is the portion of this file which i modified

start')
if [ -x /usr/sbin/syslogd -a -f /etc/syslog.conf ]; then
if[ -f /var/adm/syslog/OLDsyslog.log]
then
cat /var/adm/syslog/OLDsyslog.log >> /var/adm/syslog/syslog
then
if [ -f /var/adm/syslog/syslog.log ]; then
mv /var/adm/syslog/syslog.log /var/adm/syslog/OLDsyslog.log
mask=`umask`
umask 022
>/var/adm/syslog/syslog.log
umask $mask

Rajeev and Leif thanx a lot
never give up
0 Kudos
Reply
Q4you
Regular Advisor

‎12-30-2002 06:16 PM

‎12-30-2002 06:16 PM

Re: syslog for 60 days

If you are still looking for a solution to preserve the syslog file aftr every reboot , add this rotation login in syslogd ->
if [ -x /usr/sbin/syslogd -a -f /etc/syslog.conf ]; then
if [ -f /var/adm/syslog/OLD5syslog.log ]; then
mv /var/adm/syslog/OLD5syslog.log /var/adm/syslog/OLD6syslog.log
fi
if [ -f /var/adm/syslog/OLD4syslog.log ]; then
mv /var/adm/syslog/OLD4syslog.log /var/adm/syslog/OLD5syslog.log
fi
if [ -f /var/adm/syslog/OLD3syslog.log ]; then
mv /var/adm/syslog/OLD3syslog.log /var/adm/syslog/OLD4syslog.log
fi
if [ -f /var/adm/syslog/OLD2syslog.log ]; then
mv /var/adm/syslog/OLD2syslog.log /var/adm/syslog/OLD3syslog.log
fi
if [ -f /var/adm/syslog/OLD1syslog.log ]; then
mv /var/adm/syslog/OLD1syslog.log /var/adm/syslog/OLD2syslog.log
fi
if [ -f /var/adm/syslog/syslog.log ]; then
mv /var/adm/syslog/syslog.log /var/adm/syslog/OLD1syslog.log

0 Kudos
Reply
Q4you
Regular Advisor

‎12-30-2002 06:18 PM

‎12-30-2002 06:18 PM

Re: syslog for 60 days

If you are still looking for a solution to preserve the syslog file after every reboot(upto 6 reboots) , add this rotation logic in syslogd ->

if [ -x /usr/sbin/syslogd -a -f /etc/syslog.conf ]; then
if [ -f /var/adm/syslog/OLD5syslog.log ]; then
mv /var/adm/syslog/OLD5syslog.log /var/adm/syslog/OLD6syslog.log
fi
if [ -f /var/adm/syslog/OLD4syslog.log ]; then
mv /var/adm/syslog/OLD4syslog.log /var/adm/syslog/OLD5syslog.log
fi
if [ -f /var/adm/syslog/OLD3syslog.log ]; then
mv /var/adm/syslog/OLD3syslog.log /var/adm/syslog/OLD4syslog.log
fi
if [ -f /var/adm/syslog/OLD2syslog.log ]; then
mv /var/adm/syslog/OLD2syslog.log /var/adm/syslog/OLD3syslog.log
fi
if [ -f /var/adm/syslog/OLD1syslog.log ]; then
mv /var/adm/syslog/OLD1syslog.log /var/adm/syslog/OLD2syslog.log
fi
if [ -f /var/adm/syslog/syslog.log ]; then
mv /var/adm/syslog/syslog.log /var/adm/syslog/OLD1syslog.log

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.