1839195 Members
2519 Online
110137 Solutions
New Discussion

Re: Tracking log files

 
SOLVED
Go to solution
Vito Sarducci
Regular Advisor

Tracking log files

Hello all,

How can i take all the system log files that my hp system creates daily and view them all thru one local file? The files that I want to view in one central file are the following;

/var/adm/sulog
/var/adm/messages
/var/adm/syslog/syslog.log (view last 500 lines)
/var/adm/syslog/mail.log (view last 500 lines)
/var/adm/cron/log (view last 24 hours)
/var/adm/log/backupfs.log (view last 500 lines)

Has anyone done this before? Is there an easy way to do this?

Please advise? thanks,

Chris
chrisam@rocketmail.com
Lifes too short to stress out, Enjoy every day you have on earth!
7 REPLIES 7
Vito Sarducci
Regular Advisor

Re: Tracking log files

I forgot to ask, is there any HP utility or program that does this that i can download and install?

Any help is appreciated?

Chris
chrisam@rocketmail.com
Lifes too short to stress out, Enjoy every day you have on earth!
Joseph C. Denman
Honored Contributor
Solution

Re: Tracking log files

You could write a script to do something like this????

###begin script
log=/var/adm/logs.tmp
cat /var/adm/sulog > $log
cat /var/adm/messages >> $log
tail -500 /var/adm/syslog/syslog.log >> $log
tail -500 /var/adm/syslog/mail.log >> $log
cat /var/adm/cron/log >> $log
tail -500 /var/adm/log/backupfs.log >> $log
more $log
rm $log
##end script


...jcd...
If I had only read the instructions first??
Patrick Wallek
Honored Contributor

Re: Tracking log files

There is no HP software / utility to do what you want to do. I would write a simple script that will take the parts of each logfile that you want to view and write it to another file. By the way, there is no /var/adm/messages on HP-UX, that is a solaris file. The equivalent is /var/adm/syslog/syslog.log on HP-UX.

An example:
mylogfile=mylogfile.`date +%m%d%Y`
echo "****************/var/adm/sulog****************" > $mylogfile
cat /var/adm/sulog >> $mylogfile
echo "" >> $mylogfile
echo "*******************/var/adm/syslog/syslog.log*********" >> $mylogfile
tail -500 /var/adm/syslog/syslog.log >> $mylogfile
echo "" >> $mylogfile
echo "*******************/var/adm/syslog/mail.log***********" >> $mylogfile
tail -500 /var/adm/syslog/mail.log >> $mylogfile
echo "" >> $mylogfile
echo "*******************/var/adm/cron/log*************" >> $mylogfile
tail -500 /var/adm/cron/log >> $mylogfile
echo "" >> $mylogfile
echo "**************/var/adm/log/backupfs.log**************" >> $mylogfile
tail -500 /var/adm/log/backupfs.log >> $mylogfile

Now you have everything in one file. If you want to e-mail the file to yourself add in the script:

mailx -s "Daily log file report" Your_email@whatever.com < $mylogfile

Hope this helps.
A. Clay Stephenson
Acclaimed Contributor

Re: Tracking log files

Hi Chris:

Everything except the cron log is quite easy:

T1=/tmp/myfile
cat var/adm/sulog > $T1
cat /var/adm/messages >> $T1
tail -n 500 /var/adm/syslog/syslog.log >> $T1
tail -n 500 /var/adm/syslog/mail.log >> $T1
tail -n 500 /var/adm/cron/log >> $T1
tail -n /var/adm/log/backupfs.log >> $T1

you can then vi/pg/more /tmp/myfile.

This is not quite the perfect solution since it looks at the last 500 lines of the cron log rather than pattern matching for the first desired date and copying from that point on using awk, sed, perl, ... . I leave that as a student exercise.

Regards, Clay
If it ain't broke, I can fix that.
MANOJ SRIVASTAVA
Honored Contributor

Re: Tracking log files

Hi Chris

I would go with Patricks solution since you also get the headers at the start of each file contents to differentiate between what is what , sincee it will be a lot of Data. My script is also similar to the one.

Manoj Srivastava
James R. Ferguson
Acclaimed Contributor

Re: Tracking log files

Hi Chris:

My approach for concatenating the individual files together would be the same. HOWEVER, the 'tail' function has a limited buffer. You will find a 500-line specification is sometimes excessive and you will end up with quite a bit less. You could do the following:

#!/usr/bin/sh
L=`wc -l < /var/adm/syslog/syslog.log`
let L=$L-500
sed "1,${L}d" /var/adm/syslog/syslog.log > /tmp/syslog

In this case, /tmp/syslog will truly contain the last 500 lines of the original.

...JRF...
Ralf Hildebrandt
Valued Contributor

Re: Tracking log files

A bizarre approach to logfiles. Why not extract what you're really not interested in and display the res?
Try using xlogmaster.
http://www.gnu.org/software/xlogmaster/
Postfix/BIND/Security/IDS/Scanner, you name it...