HPE Community
Operating System - HP-UX
1834796 Members
3219 Online
110070 Solutions
New Discussion

Re: /var/adm/syslog/syslog never being written to

 
SOLVED
Go to solution
Tim Killinger
Regular Advisor

‎10-18-2004 07:43 AM

‎10-18-2004 07:43 AM

/var/adm/syslog/syslog never being written to

I have an ux 11.0 machine whose syslog is always 0 bytes. I have other machines where various things are being written to syslog as I would expect. the /etc/syslog.conf file is identical on each machine.

What might be missing that is not allowing/creating syslog entries on this one machine??
0 Kudos
Reply
9 REPLIES 9
Steven E. Protter
Exalted Contributor

‎10-18-2004 07:46 AM

‎10-18-2004 07:46 AM

Re: /var/adm/syslog/syslog never being written to

The syslog daemon may not be running.

ps -ef | grep syslog

should yeild
/usr/bin/syslog -D

/sbin/init.d/syslogd start

Check the permissions on the syslog file and make sure it can be written to.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎10-18-2004 07:47 AM

‎10-18-2004 07:47 AM

Re: /var/adm/syslog/syslog never being written to

The most obvious answer is that syslogd is not running. The very first thing to do is a ps -ef | grep syslogd to see if the daemon is running.
If it ain't broke, I can fix that.
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎10-18-2004 07:48 AM

‎10-18-2004 07:48 AM

Re: /var/adm/syslog/syslog never being written to

is the syslogd daemon running?

ps -ef |grep syslog
root 899 1 0 Sep 28 ? 00:01 /usr/sbin/syslogd -D


Check for /sbin/init.d/syslogd

and link in /sbin/rc2.d
lrwxr-xr-x 1 root root 20 Sep 23 2002 S220syslogd -> /sbin/init.d/syslogd

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

‎10-18-2004 07:50 AM

‎10-18-2004 07:50 AM

Solution

Re: /var/adm/syslog/syslog never being written to

Hi Tim,

Check the /etc/syslog.conf sometimes there are spaces instead of tabs between levels.

Best regards,
Robert-Jan
Reply
Tim Killinger
Regular Advisor

‎10-18-2004 08:48 AM

‎10-18-2004 08:48 AM

Re: /var/adm/syslog/syslog never being written to

interestingly, lsof shows 19 file open on the problem machine - machines with normal syslog entries show 20 files open... the extra file being /var/adm/syslog/syslog.log
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎10-18-2004 12:45 PM

‎10-18-2004 12:45 PM

Re: /var/adm/syslog/syslog never being written to

Did someone (as root) change permissions on /etc/syslog.conf--it should be 444 owned by bin. Also, if the file was edited incorrectly, it may invalidate the filtering. There is a clean version in /usr/newconfig/etc. See if any logging is taking place:

logger -p kern.emerg "Testing syslogd"

With a standard /etc/syslog.conf, you'll get the message in syslog and also a message on every terminal that is logged in.

If nothing happens, find syslog's PID:

ps -e | grep syslogd

If there are none, then start syslogd with:

/sbin/init.d/syslogd start

If there is one copy running, use the command:

kill -HUP

Check also that the file /var/rub/syslogd.pid has the same number as ps reports. If it does not, syslogd was probably killed accidently by a root user. Restart syslogd with:

/sbin/init.d/syslogd start

If there are multiple copies running, kill all the syslogs with:

ps -e | grep syslogd
kill -HUP ...

Check ps again to make sure all copies are gone then restart syslogd again.

You may not be up to date on patches.


Bill Hassell, sysadmin
Reply
Duncan Edmonstone
HPE Pro

‎10-18-2004 06:50 PM

‎10-18-2004 06:50 PM

Re: /var/adm/syslog/syslog never being written to

If /var fills up then its not unknown for syslogd to stop writing to the syslog.log file even after space has been cleared down. Sending a kill -HUP to syslogd as suggested by Bill usually gets it going again.

HTH

Duncan

I am an HPE Employee
Accept or Kudo
0 Kudos
Reply
Sยภเl Kย๓คг
Respected Contributor

‎10-18-2004 07:06 PM

‎10-18-2004 07:06 PM

Re: /var/adm/syslog/syslog never being written to

1)Check wether syslogd deamon is running
#ps -aef |grep syslogd
root 393 1 0 Sep 29 ? 0:01 /usr/sbin/syslogd -D



2)Pls review /etc/syslog.conf file
it should look like

# @(#) $Revision: 74.1 $
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *




3)check for the permission of the syslog.log
# ll /var/adm/syslog/syslog.log
-rw-r--r-- 1 root root 514756 Oct 19 11:47 /var/adm/syslog/syslog.log


regards
SK
Your imagination is the preview of your life's coming attractions
Reply
Tim Killinger
Regular Advisor

‎10-19-2004 01:36 AM

‎10-19-2004 01:36 AM

Re: /var/adm/syslog/syslog never being written to

There was something wrong with /etc/syslog.conf. I copied the file from a machine that was working, stopped and start syslogd, and now I get syslog entries

Thanks!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.