Operating System - Tru64 Unix
1839305 Members
2783 Online
110138 Solutions
New Discussion

Re: Syslogd on Tru64

 
SOLVED
Go to solution
Carlos Zampar
Advisor

Syslogd on Tru64

Hi,

I change my syslog.conf for this:

# facilities: kern user mail daemon auth syslog lpr binary
# priorities: emerg alert crit err warning notice info debug
kern.debug /var/adm/syslog.dated/kern.log
user.debug /var/adm/syslog.dated/user.log
mail.debug /var/adm/syslog.dated/mail.log
daemon.debug /var/adm/syslog.dated/daemon.log
auth.debug /var/adm/syslog.dated/auth.log
syslog.debug /var/adm/syslog.dated/syslog.log
lpr.info /var/adm/syslog.dated/lpr.log
# New lines here.
auth.debug @xxx.xxx.xxx.xxx
kern.debug @xxx.xxx.xxx.xxx
user.debug @xxx.xxx.xxx.xxx
mail.debug @xxx.xxx.xxx.xxx
daemon.debug @xxx.xxx.xxx.xxx
syslog.debug @xxx.xxx.xxx.xxx
lpr.info @xxx.xxx.xxx.xxx

After I stop and start syslog

:/sbin/init.d>#./syslog stop
:/sbin/init.d>#./syslog start
System error logger started

:/var/adm/syslog.dated/current>#ps -eaf |grep syslog
root 1351502 1048577 0.0 06:41:04 ?? 0:00.01 /usr/sbin/syslogd -e
root 1354185 1351227 0.0 06:54:52 pts/1 0:00.01 grep syslog

After this error, syslog write only mail.log, whats happen?


17 REPLIES 17
Liviu I.
Frequent Advisor
Solution

Re: Syslogd on Tru64

There is no error , at least not from what you say.

Excerpt from /sbin/init.d/syslog :
if /usr/sbin/syslogd -e ; then
echo "System error logger started"
else
echo "Cannot start system error logger"
fi

So your syslog daemon started fine, as you can see from the ps command you have ... it is running ..

Try to generate some events with logger command in order to test your instalation.

Liviu.
Carlos Zampar
Advisor

Re: Syslogd on Tru64

Hi, I try logger and show only this in user.log file.

:>#logger -p kern.debug teste 2
:>#more user.log
Sep 26 07:40:25 ctame1 acsg31: teste 2

Liviu I.
Frequent Advisor

Re: Syslogd on Tru64

logger has the same behavior here too. I don't know why.
But syslog is running well, sending log lines to the logging server with appropriate facilities.
Carlos Zampar
Advisor

Re: Syslogd on Tru64

terminal display with syslog -d command.

ctame1:/sbin/init.d>#syslogd -d
Unix socket receive buffer set to 128 KB
Inet socket receive buffer set to 128 KB
off & running....
init
cfline(kern.debug /var/adm/syslog.dated/kern.log)
cfline(kern.* /var/adm/syslog.dated/kern.log)
syslogd: Unknown priority name: "*"
logmsg: pri 53, flags 4, from ctame1, msg syslogd: Unknown priority name: "*"
Logging to CONSOLE /dev/console
cfline(user.debug /var/adm/syslog.dated/user.log)
cfline(mail.debug /var/adm/syslog.dated/mail.log)
cfline(daemon.debug /var/adm/syslog.dated/daemon.log)
cfline(auth.debug /var/adm/syslog.dated/auth.log)
cfline(syslog.debug /var/adm/syslog.dated/syslog.log)
cfline(lpr.info /var/adm/syslog.dated/lpr.log)
cfline(kern.debug;user.debug;mail.debug;daemon.debug;auth.debug;syslog.debug;lpr.info @10.48.144.18)
cfline(msgbuf.err /var/adm/crash/msgbuf.savecore)
cfline(kern.debug /var/adm/messages)
cfline(kern.debug /dev/console)
cfline(*.emerg *)
cfline(local7.debug /var/adm/syslog.dated/ss7.log)
cfline(local7.debug /dev/console)
7 X X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/adm/syslog.dated/27-Sep-09:03/kern.log
X X X X X X X X X X X X X X X X X X X X X X X X X UNUSED:
X 7 X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/adm/syslog.dated/27-Sep-09:03/user.log
X X 7 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/adm/syslog.dated/27-Sep-09:03/mail.log
X X X 7 X X X X X X X X X X X X X X X X X X X X X FILE: /var/adm/syslog.dated/27-Sep-09:03/daemon.log
X X X X 7 X X X X X X X X X X X X X X X X X X X X FILE: /var/adm/syslog.dated/27-Sep-09:03/auth.log
X X X X X 7 X X X X X X X X X X X X X X X X X X X FILE: /var/adm/syslog.dated/27-Sep-09:03/syslog.log
X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/adm/syslog.dated/27-Sep-09:03/lpr.log
7 7 7 7 7 7 6 X X X X X X X X X X X X X X X X X X FORW: 10.48.144.18
X X X X X X X X X X X X X X X X X X X X X X X X X UNUSED:
7 X X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/adm/messages
7 X X X X X X X X X X X X X X X X X X X X X X X X CONSOLE: /dev/console
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
X X X X X X X X X X X X X X X X X X X X X X X 7 X FILE: /var/adm/syslog.dated/27-Sep-09:03/ss7.log
X X X X X X X X X X X X X X X X X X X X X X X 7 X CONSOLE: /dev/console
The /etc/syslog.auth file does not exist. Messages from all remote
hosts will be accepted.

The EVM subscriptions follow:
emerg alert crit err warning notice info debug
kern 1 1 1 1 1 1 1 0
user 1 1 1 1 1 1 0 0
mail 1 1 1 1 1 1 0 0
daemon 1 1 1 1 1 1 0 0
auth 1 1 1 1 1 1 0 0
syslog 1 1 1 1 1 1 0 0
lpr 1 1 1 1 1 1 0 0
news 1 1 1 1 1 1 0 0
uucp 1 1 1 1 1 1 0 0
cron 1 1 1 1 1 1 0 0
megasafe 1 1 1 1 1 1 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
local0 1 1 1 1 1 1 0 0
local1 1 1 1 1 1 1 0 0
local2 1 1 1 1 1 1 0 0
local3 1 1 1 1 1 1 0 0
local4 1 1 1 1 1 1 0 0
local5 1 1 1 1 1 1 0 0
local6 1 1 1 1 1 1 0 0
local7 1 1 1 1 1 1 0 0

logmsg: pri 56, flags 4, from ctame1, msg syslogd: restart
Logging to FILE /var/adm/syslog.dated/27-Sep-09:03/syslog.log
Logging to FORW 10.48.144.18
syslogd: restarted
read_dump: no msgbuf dump file found
readfds = 0x78
syslogd: exiting on signal 2
syslogd: exiting on signal 2
logmsg: pri 53, flags 4, from ctame1, msg syslogd: exiting on signal 2
Logging to FILE /var/adm/syslog.dated/27-Sep-09:03/syslog.log
Logging to FORW 10.48.144.18
Forwarding the message to evm (fac=5 pri=3) ..
Kapil Jha
Honored Contributor

Re: Syslogd on Tru64

HI
Just check if there is some escape character etc in the modified file.
you may use cat -e .
If you have saved old file use this file again and check if error is there.
Because whatever you have done is perfect nothing seems wrong.
Kapil
I am in this small bowl, I wane see the real world......
Liviu I.
Frequent Advisor

Re: Syslogd on Tru64

Please try the logger command with other facility than kern.* because this can only be used for kernel messages.

I don't know why the manual page of logger still specifies that you can use KERN facility, since none of the following OS's I tried logger with doesn't work : Tru64, Linux, FreeBSSD.

Eventually try to generate kern messages: if I remember right unplug the network cable, fill a disk or the worst case reboot. Of course all these apply if it's not a production system.
Carlos Zampar
Advisor

Re: Syslogd on Tru64

Hi,

follows result of cat -e syslog.conf:

# $
# *****************************************************************$
# * *$
# * Copyright 2002 Compaq Information Technologies Group, L.P. *$
# * *$
# * The software contained on this media is proprietary to *$
# * and embodies the confidential technology of Compaq *$
# * Computer Corporation. Possession, use, duplication or *$
# * dissemination of the software and media is authorized only *$
# * pursuant to a valid written license from Compaq Computer *$
# * Corporation. *$
# * *$
# * RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure *$
# * by the U.S. Government is subject to restrictions as set *$
# * forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, *$
# * or in FAR 52.227-19, as applicable. *$
# * *$
# *****************************************************************$
# $
# HISTORY$
# $
# @(#)$RCSfile: syslog.conf,v $ $Revision: 4.1.8.1 $ (DEC) $Date: 2000/10/19 19:13:52 $ $
# $
# $
# syslogd config file$
# $
# facilities: kern user mail daemon auth syslog lpr binary$
# priorities: emerg alert crit err warning notice info debug$
kern.debug /var/adm/syslog.dated/kern.log$
user.debug /var/adm/syslog.dated/user.log$
mail.debug /var/adm/syslog.dated/mail.log$
daemon.debug /var/adm/syslog.dated/daemon.log$
auth.debug /var/adm/syslog.dated/auth.log$
syslog.debug /var/adm/syslog.dated/syslog.log$
lpr.info /var/adm/syslog.dated/lpr.log$
kern.debug;user.debug;mail.debug;daemon.debug;auth.debug;syslog.debug;lpr.info @xxx.xxx.xxx.xx$
$
$
$
$
msgbuf.err /var/adm/crash/msgbuf.savecore$
$
kern.debug /var/adm/messages$
kern.debug /dev/console$
*.emerg *$
$
# $_DESC Logging Facility uses LOCAL7 facility code.$
local7.debug /var/adm/syslog.dated/ss7.log$
local7.debug /dev/console$

All the lines as finish with $ caracter.

And I tried logger command with others facilitys, works but logs only in user.log.

Now only auth and mail.log works, nothing more. ;)
Kapil Jha
Honored Contributor

Re: Syslogd on Tru64

hi,
file lloks good except a few blank line in between you can see 4-5 $ sign.Try removing those blank lines and kill the syslog processes using kill -9 and restart using
/usr/sbin/syslogd -e
i seriously do not understand what is wrong as everything seems to be fine....are you getting some mesaages in /var/adm/messages file.
BR,
Kapil
I am in this small bowl, I wane see the real world......
Carlos Zampar
Advisor

Re: Syslogd on Tru64

Hi Kapil,

I remove the blank lines and kill the syslog using kill -9 and restart using /usr/sbin/syslogd -e but no way, very strange.

If install syslog-ng on the Tru64, is a good idea or not? If yes, where I find the installation, and the instructions for Tru64?

Best, Cadu...
Kapil Jha
Honored Contributor

Re: Syslogd on Tru64

Hi,
The only last thing i could suggest is use the old file(if you do not have use backup)
and then use
kill -HUP 'cat /var/run/syslog.pid'
to reread syslog its configuration file.
By the way are u getting some messages in messages file as of now.
Kapil
I am in this small bowl, I wane see the real world......
Carlos Zampar
Advisor

Re: Syslogd on Tru64

Hi

I try the old file, but no way. Is very strange, I try everything, unsuccessfully. I need more information about the syslog-ng for Tru64, for me it´s a idea for test this problem.

Best.
jim owens_1
Valued Contributor

Re: Syslogd on Tru64

As was stated, you can't test "kern" messages unless you do something like reboot. And only kern messages go to /var/adm/messages

try using:

# ls -Ll /var/adm/syslog.dated/current

you will see the sizes of the files and then:

# logger -p daemon.warn TEST

will grow the daemon.log file. you can test other facilities (auth, lpr, mail).

The mistake you made when you added the lines to log to a remote host was using an IP. The host must be specified by NAME.
Carlos Zampar
Advisor

Re: Syslogd on Tru64

Hi Jim,

I tried syslog.conf with name for remote machine, this name (hostlog) is set in /etc/hosts.

/var/adm/syslog.dated/current>#/sbin/init.d/syslog start
System error logger started

And I tried for original syslog.conf file and the error on start syslogd continues. Follows the log for syslogd -d
with name instead the IP. After follows current syslog.conf file.

/var/adm/syslog.dated/current>#syslogd -d
Unix socket receive buffer set to 128 KB
Inet socket receive buffer set to 128 KB
off & running....
init
cfline(kern.debug /var/adm/syslog.dated/kern.log)
cfline(user.debug /var/adm/syslog.dated/user.log)
cfline(mail.debug /var/adm/syslog.dated/mail.log)
cfline(daemon.debug /var/adm/syslog.dated/daemon.log)
cfline(auth.debug /var/adm/syslog.dated/auth.log)
cfline(syslog.debug /var/adm/syslog.dated/syslog.log)
cfline(lpr.info /var/adm/syslog.dated/lpr.log)
cfline(kern.debug;user.debug;mail.debug;daemon.debug;auth.debug;syslog.debug;lpr.info @hostlog)
cfline(msgbuf.err /var/adm/crash/msgbuf.savecore)
cfline(kern.debug /var/adm/messages)
cfline(kern.debug /dev/console)
cfline(*.emerg *)
cfline(local7.debug /var/adm/syslog.dated/ss7.log)
cfline(local7.debug /dev/console)
7 X X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/adm/syslog.dated/18-Oct-08:24/kern.log
X 7 X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/adm/syslog.dated/18-Oct-08:24/user.log
X X 7 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/adm/syslog.dated/18-Oct-08:24/mail.log
X X X 7 X X X X X X X X X X X X X X X X X X X X X FILE: /var/adm/syslog.dated/18-Oct-08:24/daemon.log
X X X X 7 X X X X X X X X X X X X X X X X X X X X FILE: /var/adm/syslog.dated/18-Oct-08:24/auth.log
X X X X X 7 X X X X X X X X X X X X X X X X X X X FILE: /var/adm/syslog.dated/18-Oct-08:24/syslog.log
X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/adm/syslog.dated/18-Oct-08:24/lpr.log
7 7 7 7 7 7 6 X X X X X X X X X X X X X X X X X X FORW: hostlog
X X X X X X X X X X X X X X X X X X X X X X X X X UNUSED:
7 X X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/adm/messages
7 X X X X X X X X X X X X X X X X X X X X X X X X CONSOLE: /dev/console
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
X X X X X X X X X X X X X X X X X X X X X X X 7 X FILE: /var/adm/syslog.dated/18-Oct-08:24/ss7.log
X X X X X X X X X X X X X X X X X X X X X X X 7 X CONSOLE: /dev/console
The /etc/syslog.auth file does not exist. Messages from all remote
hosts will be accepted.

The EVM subscriptions follow:
emerg alert crit err warning notice info debug
kern 1 1 1 1 1 1 1 0
user 1 1 1 1 1 1 0 0
mail 1 1 1 1 1 1 0 0
daemon 1 1 1 1 1 1 0 0
auth 1 1 1 1 1 1 0 0
syslog 1 1 1 1 1 1 0 0
lpr 1 1 1 1 1 1 0 0
news 1 1 1 1 1 1 0 0
uucp 1 1 1 1 1 1 0 0
cron 1 1 1 1 1 1 0 0
megasafe 1 1 1 1 1 1 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
local0 1 1 1 1 1 1 0 0
local1 1 1 1 1 1 1 0 0
local2 1 1 1 1 1 1 0 0
local3 1 1 1 1 1 1 0 0
local4 1 1 1 1 1 1 0 0
local5 1 1 1 1 1 1 0 0
local6 1 1 1 1 1 1 0 0
local7 1 1 1 1 1 1 0 0

logmsg: pri 56, flags 4, from ctame1, msg syslogd: restart
Logging to FILE /var/adm/syslog.dated/18-Oct-08:24/syslog.log
Logging to FORW hostlog
syslogd: restarted
read_dump: no msgbuf dump file found
readfds = 0x78
readfds = 0x78
readfds = 0x78
got a message (1, 0x8)
logmsg: pri 22, flags 0, from ctame1, msg Oct 18 08:25:28 sendmail[1047977]: My unqualified host name (ctame1) unknown; sleeping for retry
Logging to FILE /var/adm/syslog.dated/18-Oct-08:24/mail.log
Logging to FORW hostlog
Forwarding the message to evm (fac=2 pri=2) ...
readfds = 0x78
readfds = 0x78
readfds = 0x78
syslogd: exiting on signal 2
syslogd: exiting on signal 2
logmsg: pri 53, flags 4, from ctame1, msg syslogd: exiting on signal 2
Logging to FILE /var/adm/syslog.dated/18-Oct-08:24/syslog.log
Logging to FORW hostlog
Forwarding the message to evm (fac=5 pri=3) ...



/var/adm/syslog.dated>#more /etc/syslog.conf
#
# *****************************************************************
# * *
# * Copyright 2002 Compaq Information Technologies Group, L.P. *
# * *
# * The software contained on this media is proprietary to *
# * and embodies the confidential technology of Compaq *
# * Computer Corporation. Possession, use, duplication or *
# * dissemination of the software and media is authorized only *
# * pursuant to a valid written license from Compaq Computer *
# * Corporation. *
# * *
# * RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure *
# * by the U.S. Government is subject to restrictions as set *
# * forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, *
# * or in FAR 52.227-19, as applicable. *
# * *
# *****************************************************************
#
# HISTORY
#
# @(#)$RCSfile: syslog.conf,v $ $Revision: 4.1.8.1 $ (DEC) $Date: 2000/10/19 19:13:52 $
#
#
# syslogd config file
#
# facilities: kern user mail daemon auth syslog lpr binary
# priorities: emerg alert crit err warning notice info debug
kern.debug /var/adm/syslog.dated/kern.log
user.debug /var/adm/syslog.dated/user.log
mail.debug /var/adm/syslog.dated/mail.log
daemon.debug /var/adm/syslog.dated/daemon.log
auth.debug /var/adm/syslog.dated/auth.log
syslog.debug /var/adm/syslog.dated/syslog.log
lpr.info /var/adm/syslog.dated/lpr.log

kern.debug;user.debug;mail.debug;daemon.debug;auth.debug;syslog.debug @hostlog

msgbuf.err /var/adm/crash/msgbuf.savecore

kern.debug /var/adm/messages
kern.debug /dev/console
*.emerg *

# $_DESC Logging Facility uses LOCAL7 facility code.
local7.debug /var/adm/syslog.dated/ss7.log
local7.debug /dev/console

The command logger -p ***** TEST works, it write in log files, but only TEST by the logger nothing more. The normal messages generates by system are not written in log files. This problem is very very odd, I do not know what to do about this. Thanks in advance. Best regards, Cadu.
jim owens_1
Valued Contributor

Re: Syslogd on Tru64

> The normal messages generates by system are not written in log files.

What messages are you seeing that you think should be in the logs?

I don't have anything in my /var/adm/messages (or kern.log) since my reboot on Oct 2. In the last 7 days, except for the TEST messages, all my logs are empty except the daily: syslog.log - "restarted" and one mail.log with errors when our DNS was out.
Kapil Jha
Honored Contributor

Re: Syslogd on Tru64

HI Carlos,
Is problem resolved,did you open a HP s/w case for this????.
BR,
Kapil
I am in this small bowl, I wane see the real world......
Carlos Zampar
Advisor

Re: Syslogd on Tru64

Hi, everybody

after reinstall for all system, now works normal. Thanks Kapil, Liviu, Jim and all, thank very much.

Best, Carlos...
Carlos Zampar
Advisor

Re: Syslogd on Tru64

After reinstall system, now works normal.