HPE Community
Operating System - HP-UX
1830268 Members
2234 Online
110000 Solutions
New Discussion

syslog.log

 
SOLVED
Go to solution
chad_c
Super Advisor

‎10-30-2007 10:45 AM

‎10-30-2007 10:45 AM

syslog.log

hi....we have an hpux11.11 4440 server.

in the syslog.log we noticed the following entry occurring several times per second.

txovo remshd[280]: wtmp:open: /var/adm/wtmp No such file or directory

we deleted the /var/adm/wtmp file a while back because we did not require it to log info.

is there a way to prevent the following entry from being logged in the syslog.log file

txovo remshd[280]: wtmp:open: /var/adm/wtmp No such file or directory

rgds,
chad
0 Kudos
13 REPLIES 13
Court Campbell
Honored Contributor

‎10-30-2007 12:39 PM

‎10-30-2007 12:39 PM

Re: syslog.log

For this particular entry you need to edit inetd.conf and change the line

shell stream tcp nowait root /usr/lbin/remshd remshd

shell stream tcp nowait root /usr/lbin/remshd remshd -t

then you need to run inetd -c
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
whiteknight
Honored Contributor

‎10-30-2007 01:18 PM

‎10-30-2007 01:18 PM

Re: syslog.log


Hi Chad,

Please also patch this as well.

PHNE_33793 11.11 r-commands cumulative mega-patch


it fixed known issues

WK
Problem never ends, you must know how to fix it
0 Kudos
chad_c
Super Advisor

‎10-31-2007 03:00 AM

‎10-31-2007 03:00 AM

Re: syslog.log

hi...thanks for the info.

i made the changes to the suggested file

shell stream tcp nowait root /usr/lbin/remshd remshd -t

then ran: txovo# inetd -c

still getting: Oct 31 09:59:04 txovo remshd[1162]: wtmp:open: /var/adm/wtmp No such file or directory

any idea on how to prevent this entry from being logged to syslog.log?

rgds,
chad
0 Kudos
Patrick Wallek
Honored Contributor

‎10-31-2007 03:21 AM

‎10-31-2007 03:21 AM

Re: syslog.log

How about just recreateing /var/adm/wtmp?

The file usually does not get very large, if it does you can clean it up.
0 Kudos
Court Campbell
Honored Contributor

‎10-31-2007 03:22 AM

‎10-31-2007 03:22 AM

Re: syslog.log

Not sure why it did not work, but you could always recreate the file /var/adm/wtmp. I am not sure why you removed it in the forst place, and I don't really need an explanation.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
chad_c
Super Advisor

‎10-31-2007 03:35 AM

‎10-31-2007 03:35 AM

Re: syslog.log

i could recreate wtmp, but we have several servers that remsh to this box very frequently which creates an entry in the wtmp file. this fills up the lvol very fast. so i deleted it. this however causes the syslog.log to log an entry saying it cannot find wtmp which causes the lvol to fill pretty fast.

so i'm just looking for a way to not log the following entry in the syslog.log

Oct 31 10:33:05 txovo remshd[445]: wtmp:open: /var/adm/wtmp No such file or directory

rgds,
chad
0 Kudos
Court Campbell
Honored Contributor

‎10-31-2007 03:57 AM

‎10-31-2007 03:57 AM

Solution

Re: syslog.log

add the file back and if it is really growing that fast write a script that wipes the file via cron every so often.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
Patrick Wallek
Honored Contributor

‎10-31-2007 04:02 AM

‎10-31-2007 04:02 AM

Re: syslog.log

What if you link /var/adm/wtmp to /dev/null?

# cd /var/adm
# umask 000
# ln -s /dev/null wtmp
(Don't forget to reset your umask)


This may fool the system into thinking wtmp is there, but when it writes something to wtmp, it gets tossed to /dev/null and doesn't cost you any disk space.
0 Kudos
rajdev
Valued Contributor

‎10-31-2007 04:06 AM

‎10-31-2007 04:06 AM

Re: syslog.log

Hi Chad,

you can try this if you don't want the error to go to syslog.

1) take back of inetd.conf

2) modify the line

shell stream tcp6 nowait root /usr/lbin/remshd remshd

TO

shell stream tcp6 nowait root /usr/lbin/remshd>/dev/null remshd

3) run inetd -c

4) now try the remsh from other hosts

Regards
0 Kudos
chad_c
Super Advisor

‎10-31-2007 04:20 AM

‎10-31-2007 04:20 AM

Re: syslog.log

patrick,

sounds like it may work....before i try it, want to make sure i know what you mean you you say (Don't forget to reset your umask)

rgds,
chad
0 Kudos
Patrick Wallek
Honored Contributor

‎10-31-2007 04:33 AM

‎10-31-2007 04:33 AM

Re: syslog.log

In the command I gave, I have you do a 'umask 000'. This sets your umask to 0 and causes the permissions on the link created to be 777.

After you create the link you just need to reset your umask to whatever it was before you ran 'umask 000' so that any new files that are created are created with the correct permissions based on your umask.
0 Kudos
chad_c
Super Advisor

‎10-31-2007 04:40 AM

‎10-31-2007 04:40 AM

Re: syslog.log

.
0 Kudos
Court Campbell
Honored Contributor

‎10-31-2007 05:03 AM

‎10-31-2007 05:03 AM

Re: syslog.log

Kudos Pat.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.