HPE Community
Operating System - HP-UX
1827247 Members
2228 Online
109716 Solutions
New Discussion

syslog guidelines

 
SOLVED
Go to solution
Ralph Grothe
Honored Contributor

‎10-31-2000 02:10 AM

‎10-31-2000 02:10 AM

syslog guidelines

Hi forumers,

coming from Linux I was a bit surprised that each time the HP-UX system reboots there seems to be started a new syslog.log while the pending version is moved to OLDsyslog.log.
I guess you can configure this behaviour somewhere (syslog.conf?) but haven't found out where yet.

From Linux'es /var/log/messages I'm not used to such odd (undeliberate) logrotation.
Probably because a desktop is expected to be rebooted more frequently.

I just would like to hear from others whether they have devised a rotation system for this most important logfile.

How long do you keep your syslogs (because with the preset behaviour after 2 reboots important information may be lost)?

Do you store excerpts in a database (flatfile, dbm file, RDBMS)?

Any guidelines are most welcome.

Regards
Ralph

Madness, thy name is system administration
0 Kudos
Reply
14 REPLIES 14
Andreas Voss
Honored Contributor

‎10-31-2000 02:18 AM

‎10-31-2000 02:18 AM

Solution

Re: syslog guidelines

Hi,

a agree with you. Rebooting twice and your older syslog.log is gone.
So i changed the rc script that does the renaming:
/sbin/init.d/syslogd
I changed:
mv /var/adm/syslog/syslog.log /var/adm/syslog/OLDsyslog.log
TO
mv /var/adm/syslog/syslog.log /var/adm/syslog/syslog.log_`date '+%d.%m.%y_%H:%M'`
This will rename old syslog files with time stamp on it.

Regards
Reply
Andreas Voss
Honored Contributor

‎10-31-2000 02:18 AM

‎10-31-2000 02:18 AM

Re: syslog guidelines

?
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

‎10-31-2000 03:50 AM

‎10-31-2000 03:50 AM

Re: syslog guidelines

I keep 3 copies:Old, previous, and current, and depending on the gap between 2 reboots, I permute the files myself, and reinitialize a new mail.log and syslog.log, based on size essentialy (some machines are up >200 days I have one up 468 days...)

Regards

Victor
Reply
Ralph Grothe
Honored Contributor

‎10-31-2000 05:07 AM

‎10-31-2000 05:07 AM

Re: syslog guidelines

to Andreas,

first I thought I could reply in German since apart from you no one else seemed inclined to drop a line.
But now I see Victor in line, and I think in Geneve they speek french (do they Victor?).

Thanks for pointing me to the init script of the syslog daemon.
Now I will also alter the mv statement to something more bootproof.

BTW, what is the question mark in your 2nd posting telling us?

To Victor,
unfortunately I haven't had uptimes over 200 days yet, as there was ample need to reboot the machines due to panics, kernel patches, firmware upgrades etc.
Sometimes I got the impression that my Linux box at home (standard of the shelf Intel PC) exhibited a more stable behaviour.
But maybe there is an HP Rep. reading this who would like to prove me wrong. ;-)
Madness, thy name is system administration
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎10-31-2000 05:26 AM

‎10-31-2000 05:26 AM

Re: syslog guidelines

Gutten tag
Bon Jour
Good Afternoon

Hi to all and thanks to Andreas for his syslogd modification which I now have in place on 2 K class and one N Class server I have also tested in on my N Class as at the moment it is my "Play" machine.
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Andreas Voss
Honored Contributor

‎10-31-2000 05:32 AM

‎10-31-2000 05:32 AM

Re: syslog guidelines

Hi,
i put the question mark into reply because today i get several posting errors. To prevent replies of same content i simply typed a ? and hit the submit button.
Just ignore that reply.

Regards
0 Kudos
Reply
Andreas Voss
Honored Contributor

‎10-31-2000 05:38 AM

‎10-31-2000 05:38 AM

Re: syslog guidelines

Hi,

just one addition of modifying /sbin/init.d/syslogd.
You have to take care when installing patches or other OS software that affects this file.
It will be overwritten (This script is not configurable!)
So before any swinstall make a save copy of the syslogd file.

Regards
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

‎10-31-2000 05:54 AM

‎10-31-2000 05:54 AM

Re: syslog guidelines

Yes Ralph,
Here we speak french, and I have found this forum as only alternative for not forgetting English, as long as the others forgive me for all my mistakes...
The difficult part is when your trying to reply and have a phone with someone speaking to you in french, you finish up writing something incoherent...

I feel less lonely since Ive started to be active (a bit) in this forum and I thank you all for that!

Best regards
Victor
0 Kudos
Reply
Ralph Grothe
Honored Contributor

‎10-31-2000 06:28 AM

‎10-31-2000 06:28 AM

Re: syslog guidelines

To Andreas' last reply,

thank you for stressing the volatility of init scripts with regard to OS upgrades.

Since I've contributed some of my own startup scripts and modified others I knew of this peril and keep backup copies.
(e.g. static routes, for which I didn't like HP's way to have 4 array entries for each route in /etc/rc.config.d/netconf, SAP start/stop)
Madness, thy name is system administration
0 Kudos
Reply
Tom Danzig
Honored Contributor

‎10-31-2000 06:41 AM

‎10-31-2000 06:41 AM

Re: syslog guidelines

Personal opinion: Since I review the logs regularly, I see no need to keep the old ones. Just my $ 0.02
0 Kudos
Reply
Kevin Urschatz
Occasional Advisor

‎10-31-2000 08:20 AM

‎10-31-2000 08:20 AM

Re: syslog guidelines

I also see no point in keeping more than the current and the OLD syslog.

If you really need a syslog from a few reboots ago then a restore of the file is an option.

Just my 2 cents.
Advice can be given, but only the wise profit from it.
0 Kudos
Reply
Benjamin Heitmann
New Member

‎08-08-2001 02:44 AM

‎08-08-2001 02:44 AM

Re: syslog guidelines

Thank god, I found that post.

I was in the exactly same situation. Well and so that maybe more people find this post I am goint to put some more keywords here:

syslog old files rotation backup

;)
0 Kudos
Reply
Uffe Gavnholt_1
Honored Contributor

‎08-08-2001 03:42 AM

‎08-08-2001 03:42 AM

Re: syslog guidelines

Hi Ralph,

The solution for this is quite simple, I would suggest you made your own startup script to do whatever you want with the old syslog.

on hpux, simply put your script in /sbin/init.d, and put a link, with a name starting with an S### The "S" means it's a startup script, the number is the order of the startup.

Your script will be run, whenever the system changes to the runlevel you put your script in - make sure it's executed after the syslog script.

If you want to keep old syslogs, you can save them in a directory, renaming then to add a time stamp after the name.

Or you can append all of them to one big file. Doesn't have to be complicated.

Good luck with it

Uffe
0 Kudos
Reply
Mark Vollmers
Esteemed Contributor

‎08-08-2001 06:46 AM

‎08-08-2001 06:46 AM

Re: syslog guidelines

Ralph-

I have a cron job set up to copy the logs weekly, just so I have a record of them. I agree with what you're saying about the double reboot wiping out old ones, but normally, if that happens, I'm the one who's issuing the command. If I reboot and there are problems, I always try to go in as single user and copy the log so I can see what it's doing before the second reboot wipes it clean.

Mark
"We apologize for the inconvience" -God's last message to all creation, from Douglas Adams "So Long and Thanks for all the Fish"
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.