HPE Community
Operating System - HP-UX
1833589 Members
5266 Online
110061 Solutions
New Discussion

Re: syslog

 
SOLVED
Go to solution
Christian Briddon_1
Occasional Advisor

‎07-09-2002 05:41 AM

‎07-09-2002 05:41 AM

syslog

Hi there,

I have a 2 tiered question for you all.

Firstly, looking at our syslog file I see many errors that say "unknown command capa" or "unknown command uidl", both from popper. I have not got a clue what these errors are and would be greatful if you could tell me.

Secondly, how do I decide what gets logged in the syslog?

thanks in advance,

Christian Briddon
0 Kudos
Reply
8 REPLIES 8
Christopher McCray_1
Honored Contributor

‎07-09-2002 05:47 AM

‎07-09-2002 05:47 AM

Re: syslog

Hello,

As for the first question, my best guess is that there is a script that is executing invalid commands. Note the times and check your crontab. The syslog entries should be more specific; could you post an example of the entire message?

#2: /etc/syslog.conf is the file in which you decid what goes to what file, including syslog.

Make your changes and bounce syslogd

Hope this helps

Chris
It wasn't me!!!!
Reply
Tom Geudens
Honored Contributor

‎07-09-2002 05:49 AM

‎07-09-2002 05:49 AM

Re: syslog

Hi,
1. Looks mailrelated ... don't know for sure but is sendmail working ok on this system ?
2. Take a look in /etc/syslog.conf

Regards,
Tom
A life ? Cool ! Where can I download one of those from ?
Reply
Christopher McCray_1
Honored Contributor

‎07-09-2002 05:51 AM

‎07-09-2002 05:51 AM

Re: syslog

Hello again,
Here is a copy of a syslog.conf file

#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
auth.info /var/adm/auth.log
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
# Start of lines added by NetWorker - DO NOT DELETE OR CHANGE THIS LINE
# installed by postinstall on Thu Jan 11 13:56:26 EST 2001
daemon.notice /dev/console
daemon.notice /nsr/logs/messages
daemon.notice operator
local0.notice /nsr/logs/summary
local0.alert root, operator
# End of lines added by NetWorker - DO NOT DELETE OR CHANGE THIS LINE
# Tivoli logfile adapter entry, ID=default
*.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info /tmp/.tivoli/.tecad_logf
ile.fifo.scsdata1.default
# End of logfile adapter entry, ID=default

Enjoy

Chris


It wasn't me!!!!
Reply
Helen French
Honored Contributor

‎07-09-2002 05:59 AM

‎07-09-2002 05:59 AM

Re: syslog

My thoughts:

1) The unknown command can be coming from a script or application. Check the log files, time stamps, processes.. etc to find out the reason for that. The system trying to execute some unknown commands.

2) The /etc/syslog.conf file determines what get logged in the syslog file. This man page will give you all information you need:

# man syslogd
Life is a promise, fulfill it!
Reply
Christian Briddon_1
Occasional Advisor

‎07-09-2002 06:03 AM

‎07-09-2002 06:03 AM

Re: syslog

Thanks for the replies. The 2 lines in the syslog that are causing me concern are as follows:

Jul 9 14:55:19 n4000 popper: -ERR Unknown command: "capa".
Jul 9 14:55:19 n4000 popper: -ERR Unknown command: "uidl".

Sendmail works fine on this system. If any of you have any ideas I would be really greatful.

Cheers,

Christian
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎07-09-2002 06:10 AM

‎07-09-2002 06:10 AM

Re: syslog

Hi Christian,

Not sure, but it looks to me like you have a POP3 mail client trying to access the mail services when you don't have the server setup to service POP requests. OR a POP3 client is "misbehaving" & the server is simply logging these errors.
Is this server setup to handle POP3 clients?

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Helen French
Honored Contributor

‎07-09-2002 06:12 AM

‎07-09-2002 06:12 AM

Re: syslog

Again, the 'popper' error normally comes from a POP3 server. Check and make sure that your settings and configuration are right.
Life is a promise, fulfill it!
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎07-09-2002 06:14 AM

‎07-09-2002 06:14 AM

Solution

Re: syslog

Christian:

Another, standard way to make entries into the syslog is with 'logger'. Have a look at the man pages for more details. By example, in a script I could write:

# logger -t JRF -i I noted this!

Then, in 'syslog' we would find:

Jul 9 10:17:29 myhostname JRF[21839]: I noted this!

You might want to look for this kind of usage.

Regards!

...JRF...

Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.