HPE Community
Operating System - HP-UX
1834927 Members
2481 Online
110071 Solutions
New Discussion

Re: syslog

 
siva baskaran
Regular Advisor

‎05-20-2006 07:26 AM

‎05-20-2006 07:26 AM

syslog

dears,

how to change syslog from syslog.log to oldsyslog.log file what one more thing what are the log files are to be monitored

thanks
siva
0 Kudos
Reply
9 REPLIES 9
Torsten.
Acclaimed Contributor

‎05-20-2006 08:22 AM

‎05-20-2006 08:22 AM

Re: syslog

Do you want to "rotate" the syslog.log file and reduce the size?

The most easy way is to use SAM -> routine tasks and "trim" the file. You also can copy the content to another file (if needed) and clear the content of the original file with any kind of unix tools, e.g. "cp syslog.log myoldsyslog.log" and "cat /dev/null >syslog.log"

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎05-20-2006 08:31 AM

‎05-20-2006 08:31 AM

Re: syslog

BTW, in the SAM-> routine tasks -> trim area you'll find a list of all relevant log files.
(e.g. syslog, software distributor, cron, reboot, ...)

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
Darrel Louis
Honored Contributor

‎05-20-2006 10:10 AM

‎05-20-2006 10:10 AM

Re: syslog

Hi Siva,

The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files. Logrotate allows for the automatic rotation compression, removal and mailing of log files. Logrotate can be set to handle a log file daily, weekly, monthly or when the log file gets to a certain size. Normally, logrotate runs as a daily cron job.



http://packages.debian.org/cgi-bin/download.pl?arch=hppa&file=pool%2Fmain%2Fl%2Flogrotate%2Flogrotate_3.7.1-3_hppa.deb&md5sum=b4ff419979984d0d9778aff1733a5330&arch=hppa&type=main


Goodluck

Darrel
0 Kudos
Reply
Mridul Shrivastava
Honored Contributor

‎05-20-2006 03:43 PM

‎05-20-2006 03:43 PM

Re: syslog

Log files to monitor (check if any error message is there):

Syslog /var/adm/syslog/syslog.log
Old Syslog /var/adm/syslog/OLDsyslog.log
Console messages dmesg (its a command)
Stm chasis code error log /var/stm/log/os/ccerrlog
Rc script log /etc/rc.log
Old rc script log /etc/rc.log.old
EMS events log /var/opt/resmon/log/event.log
Time has a wonderful way of weeding out the trivial
0 Kudos
Reply
Ninad_1
Honored Contributor

‎05-20-2006 09:52 PM

‎05-20-2006 09:52 PM

Re: syslog

Hi,
The simplest way if you have enough space to copy the syslog file is
cd /var/adm/syslog
cp syslog.log oldsyslog.log
cat /dev/null > syslog.log

If you do not have enough space to have the original syslog file + copy of syslogfile(which you will name as oldsyslog), then stop the syslog daemon, mv the syslogfile
You can stop the syslog daemon as
/sbin/init.d/syslogd stop
ls -l syslog.log [ Note the permissions and ownership of the syslog.log file ]
mv /var/adm/syslog/syslog.log /var/adm/syslog/oldsyslog.log
touch syslog.log
Use chmod and chown to set the permission and ownership of the syslog file as original
/sbin/init.d/syslogd start

The various log file you should monitor are
/var/adm/messages
/etc/rc.log [ Usually only after a system startup ]
/var/adm/syslog/syslog.log
Also check your /etc/syslog.conf to see if its been configured to log to any other files than syslog.log
Also its worth writing a small script which will monitor thr filesystem usage and mail you whenever any critical filesystems/any filesystem is greater then say 90%
You should also check the mails to root using mailx

Regards,
Ninad
0 Kudos
Reply
Sivakumar TS
Honored Contributor

‎05-21-2006 01:54 AM

‎05-21-2006 01:54 AM

Re: syslog


Hi Siva baskaran,

You can also copy the current syslog file to diff filename( oldsyslog.log) when the server is running and latter you can nullify the syslog.log file. ( by # > syslog.log )

Normally this happens during a reboot. ie, syslog will be coppiedn as OLDsyslog.

Regards,

Siva.
Nothing is Impossible !
0 Kudos
Reply
Sivakumar TS
Honored Contributor

‎05-21-2006 02:08 AM

‎05-21-2006 02:08 AM

Re: syslog

And the other important logs to monitor could be

run control script log -->
/etc/rc.log

EMS events log-- /var/opt/resmon/log/event.log

and

/etc/shutdownlog

also sulog --> for security reasons

Regards,

Siva.
Nothing is Impossible !
0 Kudos
Reply
Michael D. Zorn
Regular Advisor

‎05-22-2006 06:58 AM

‎05-22-2006 06:58 AM

Re: syslog

For me, at least, there are a lot of things I don't care about in syslog. I have a script that calls 'sed' to strip out irrelevant details.

The sequence that seems to work well is

#syslog.sed > syslog.sed
#cat /dev/null > syslog.log

If there aren't any unuseful things in the log, just copy syslog.log to a datesamp file and cat the null onto it.
0 Kudos
Reply
Rick Garland
Honored Contributor

‎05-22-2006 07:12 AM

‎05-22-2006 07:12 AM

Re: syslog

The logrotate utility is a very handy tool for keeping your log files in check - otherwise they can grow without bounds.

The syslog.log file gets changed to OLDsyslog.log when the system is rebooted - manually or the result of a crash. Look into the /sbin/init.d/syslogd file.

/var/adm/wtmp
/var/adm/cron/log
/var/adm/snmpd.log
/var/adm/sulog
/var/adm/syslog/sudo.log
/var/adm/syslog/xferlog
/var/adm/syslog/mail.log
/var/adm/syslog/syslog.log
/var/adm/syslog/ssh.log

Here is an incomplete list. The logs you rotate will depend on your environment. Example, not everybody runs Secure Shell so there will not be a ssh.log file. Also look into the EMS logs, the rc.log, etc.



0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.