Operating System - HP-UX

What are the main system logs to look at???

 
SOLVED
Shaun Aldrich
Frequent Advisor

What are the main system logs to look at???

Hello everyone,

I want to look at the various system logs to see what type of activity went on between 2am last night and now.

What type of logs are good to look at? Any type of security logs may be helpful as well.

So far I have looked at the following:-

/var/adm/syslog/syslog.log
/var/adm/sulog

Any others would be greatly appreciated...

Thanks
Shaun Aldrich
5 REPLIES 5
Cheryl Griffin
Honored Contributor
Solution

Re: What are the main system logs to look at???

Shaun,

You can get a pretty complete listing of system logs by going into SAM --> Routine Tasks --> System Log files. Here you can look at files but also routinely trim log files as part of system maintenance.

/etc/shutdownlog is good for tracking when/why the system was shut down. (Look here first if you suspect a system panic.)

If you need to track login information, look at /etc/*tmp files (wtmp, btmp, utmp).

For software and patch installation information, look at /var/adm/sw/swinstall.log and /var/adm/sw/swagent.log.

The list of log files could grow quite large here depending on how your system is configured and what you are trying to trace.
"Downtime is a Crime."
Stefan Farrelly
Honored Contributor

Re: What are the main system logs to look at???


Some of the good system logs are in binary format, so you will have to use other commands to view them:
last and lastb to see logins and bad logins.
If you have MeasureWare installed you will need PerfView to view very detailed performance and process logging from last night.
To view the auditing logs (if enabled) you should use sam to view them.
The hardware logs should be viewed using stm (xstm).
I'm from Palmerston North, New Zealand, but somehow ended up in London...
CHRIS_ANORUO
Honored Contributor

Re: What are the main system logs to look at???

The ones stated above are okay. Use last -R; also, if you have sar enabled to run through cron, try sar -M, sar -d.
When We Seek To Discover The Best In Others, We Somehow Bring Out The Best In Ourselves.
Kofi ARTHIABAH
Honored Contributor

Re: What are the main system logs to look at???

...and to help to monitor the content of these files, you can configure swatch
available at http://wuarchive.wustl.edu/packages/security/swatch/

Name : swatch
Version : 2.2
Size : 132477 bytes
Summary : A utility for monitoring system logs files.
Group : Applications/System
Requires : /usr/bin/perl
Description :

The Swatch utility monitors system log files, filters out unwanted
data and takes specified actions (i.e., sending email, executing a
script, etc.) based upon what it finds in the log files.

Install the swatch package if you need a program that will monitor log
files and alert you in certain situations.
nothing wrong with me that a few lines of code cannot fix!
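
A sketch of the "since 2am" check the original question asks for, run over the two text logs named there. This is an added example, not code from any poster. The sample lines, host name and user names are constructed, and the layouts assumed are the usual syslog `Mon DD HH:MM:SS host tag: msg` and sulog `SU MM/DD HH:MM +/- tty from-to` forms.

```shell
#!/bin/sh
# Added example. Sample lines are constructed; real input would be
# /var/adm/syslog/syslog.log and /var/adm/sulog from the thread.
# Neither format records a year, and the window here is a single day.

# syslog_since MON DAY HH:MM  (reads stdin) -> lines from that day at/after the time
syslog_since() {
    awk -v mon="$1" -v day="$2" -v start="$3" '
        $1 == mon && ($2 + 0) == (day + 0) && ($3 "") >= (start "")'
}

# sulog_since MM/DD HH:MM  (reads stdin) -> su attempts in the window,
# tagged FAILED when the result field is "-" and ok when it is "+"
sulog_since() {
    awk -v date="$1" -v start="$2" '
        $1 == "SU" && $2 == date && ($3 "") >= (start "") {
            tag = ($4 == "-") ? "FAILED" : "ok"
            print tag, $0
        }'
}

sample_syslog() {   # constructed lines, assumed "Mon DD HH:MM:SS host tag: msg"
cat <<'EOF'
Mar 13 23:40:10 hpbox su: + ttyp1 jdoe-root
Mar 14 01:58:40 hpbox login: constructed message before the window
Mar 14 02:15:01 hpbox su: - ttyp2 guest-root
Mar 14 03:02:47 hpbox login: constructed message inside the window
EOF
}

sample_sulog() {    # constructed lines, assumed "SU MM/DD HH:MM +/- tty from-to"
cat <<'EOF'
SU 03/13 23:40 + ttyp1 jdoe-root
SU 03/14 01:30 + ttyp1 jdoe-root
SU 03/14 02:15 - ttyp2 guest-root
SU 03/14 03:05 + ttyp3 oper-root
EOF
}

# Demo on the constructed data: everything from 02:00 on Mar 14 onward.
sample_syslog | syslog_since Mar 14 02:00
sample_sulog  | sulog_since 03/14 02:00
```

On a live system the same functions read the real files, for example `syslog_since Mar 14 02:00 < /var/adm/syslog/syslog.log`.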