HPE Community
Operating System - HP-UX
1834158 Members
2392 Online
110064 Solutions
New Discussion

syslog.log is getting too big

 
SOLVED
Go to solution
Simon R Wootton
Regular Advisor

‎08-04-2003 05:42 AM

‎08-04-2003 05:42 AM

syslog.log is getting too big

My syslog.log grows at an alarming rate and makes important messages difficult to find. The reason is thousands of FTP messages (we use ftp alot!). I need to stop these messages (and other irrelevent messages) from hitting the syslog.

I believe there is a parameter in /etc/inetd.conf for ftp to do with logging (-l option ?) but wondered if this was the best option and what else is available to properly monitor the syslog.

All help is rewarded !

Thankyou
Simon
0 Kudos
Reply
8 REPLIES 8
harry d brown jr
Honored Contributor

‎08-04-2003 05:45 AM

‎08-04-2003 05:45 AM

Re: syslog.log is getting too big

You could remove the "-l" option from your ftpd line in /etc/inetd.conf. But then you won't have any logging (security issue??).

live free or die
harry
Live Free or Die
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎08-04-2003 05:49 AM

‎08-04-2003 05:49 AM

Re: syslog.log is getting too big

logging is a good thing.

Once a week, cron does the following things for my on syslog

cp /var/adm/syslog/syslog.log /backups/syslog.log

gzip /backups/syslog.log

> /var/adm/syslog.log

logging is your first defense against hackers, I urge you to leave it on.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Brian Bergstrand
Honored Contributor

‎08-04-2003 05:49 AM

‎08-04-2003 05:49 AM

Re: syslog.log is getting too big

Or reconfig your /etc/syslog.conf file so all FTP messages go to a different file. I'm not sure what level ftpd logs at.
0 Kudos
Reply
Mark Greene_1
Honored Contributor

‎08-04-2003 05:51 AM

‎08-04-2003 05:51 AM

Solution

Re: syslog.log is getting too big

You could add a line to /etc/syslog.conf:

*.daemon /var/adm/syslog/daemon.log

This will write all the ftp messages to the daemon.log file. There will also be other messages from other daemon processes so you'll still have to sort through it, but it will make reading through the actual syslog.log file easier.

HTH
mark
the future will be a lot like now, only later
Reply
James R. Ferguson
Acclaimed Contributor

‎08-04-2003 05:52 AM

‎08-04-2003 05:52 AM

Re: syslog.log is getting too big

Hi SImon:

If 'ftpd' messages are a problem, drop the '-L' option from the 'etc/inetd.conf' spawn of the 'ftpd' daemon [and restart 'inetd'] or configure the 'etc/ftp/ftpaccess' file to specify a location for messages other than 'syslog'. See the man pages for 'ftpd(1M)' and 'ftpaccess(4)' for more details. Specifically note the 'log syslog+xferlog' option in 'ftpaccess'

Regards!

...JRF...
Reply
Stefan Farrelly
Honored Contributor

‎08-04-2003 05:53 AM

‎08-04-2003 05:53 AM

Re: syslog.log is getting too big

Just redirect ftp log messages to their own logfile, do it in /etc/syslog.conf

# @(#) $Revision: 74.1 $
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
local5.info;mail.none /var/adm/syslog/ftp.log
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *

You can point the ftp.log anywhere you want, doesnt have to be in /var if youre having space issues. We back ours up weekly then cp /dev/null to them.
Im from Palmerston North, New Zealand, but somehow ended up in London...
Reply
Simon R Wootton
Regular Advisor

‎08-04-2003 05:56 AM

‎08-04-2003 05:56 AM

Re: syslog.log is getting too big

Guys - Thankyou all - Problem will be sorted within the hour !
0 Kudos
Reply
Brian Bergstrand
Honored Contributor

‎08-04-2003 05:59 AM

‎08-04-2003 05:59 AM

Re: syslog.log is getting too big

This mod to syslog.conf should work, but I haven't tested it. Note: This will seperate anything that logs under the daemon facility, not just FTP.

HTH.

8c8,9
< *.info;mail.none /var/adm/syslog/syslog.log
---
> *.info;mail.none;daemon.none /var/adm/syslog/syslog.log
> daemon.* /var/adm/syslog/daemon.log

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.