HPE Community
Operating System - HP-UX
1833788 Members
2345 Online
110063 Solutions
New Discussion

syslog

 
Indrajit Bhagat
Regular Advisor

‎09-14-2007 03:03 AM

‎09-14-2007 03:03 AM

syslog

what is the difference between syslog and dmesg.
0 Kudos
Reply
4 REPLIES 4
A. Clay Stephenson
Acclaimed Contributor

‎09-14-2007 03:07 AM

‎09-14-2007 03:07 AM

Re: syslog

Dmesg is implemented as a circular buffer of finite size; it's main advantage is that the OS can always report to it even if every filesystem is full but because of circular nature earlier messages can be overwritten by later ones. The syslog is the file written by the syslog deamon (syslogd) and because it is a file rather than a circular buffer, it's size is really only limited by the capacity of the filesystem which hosts the file.
If it ain't broke, I can fix that.
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎09-14-2007 03:32 AM

‎09-14-2007 03:32 AM

Re: syslog

Hi Indrajit:

To add to Clay's explanation, if you look at the manpages for 'dmesg(1M)' you can see how to setup a periodic extraction of the 'dmesg' buffer should it contain any critical information.

Regards!

...JRF...
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

‎09-14-2007 10:00 AM

‎09-14-2007 10:00 AM

Re: syslog

Normally, the syslogd daemon will automatically read the kernel messages (and forward them to the configured log destinations, if the message priority indicates it's required). So the important messages will automatically flow from the kernel message buffer (dmesg) to syslog.

In a sick machine (one with a critical out-of-memory condition, failing memory or some other serious problem) the syslogd daemon may crash, but the kernel message buffer will function as long as the kernel is still alive... but if the machine is in such a bad state, running the "dmesg" command successfully to see the messages may not be easy.

Note that the messages in the dmesg output don't generally have time stamps, so even the latest message at the end of the listing may be old.

You cannot get your own messages into the "dmesg" listing unless you program your own HP-UX driver, but syslog can be used fairly easily from user programs ("man 3 syslog" for the programming interface) or even scripts (man logger).

MK
MK
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎09-14-2007 11:46 AM

‎09-14-2007 11:46 AM

Re: syslog

dmesg does have timestamps -- you have to run it with the 'newer' option which just a - as in:

dmesg -

The firat time you run it, you see the entire buffer. The next time, you see nothing -- unless something new has been sent to the message buffer. So to create a log with time stamps, put this in root's crontab:

0,10,20,30,40,50 * * * * dmesg - >> /var/adm/dmesg.log

Now you'll have a time-stamped log of dmesg entries.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.