Hi Joe,
You would need to check these pipe files /dev/log and /dev/klog while your syslog stopped writing.
If your system logs too much, then keeping one big file is not a good idea. You may want to trim your syslog and recycle it periodically. Here is a sample script may give you an idea how to do it.
//
#!/usr/bin/ksh
FILE=/var/adm/syslog/syslog.log
/sbin/init.d/syslogd stop
i=7
while [ $i -gt 0 ]
do
(( j = $i - 1 ))
if [ -f ${FILE}.${j} ]
then
mv ${FILE}.${j} ${FILE}.${i}
fi
(( i = $i - 1 ))
done
mv $FILE $FILE.1
/sbin/init.d/syslogd start
//
Put it in cron and run it probably once in a week or so. Change the value of i to reflect how many copies of syslog you want to keep.
-Sri
You may be disappointed if you fail, but you are doomed if you don't try
