- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Strange issue with /var/adm/sulog.
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-25-2012 06:12 AM
06-25-2012 06:12 AM
Hi,
We've got a weird issue with the file /var/adm/sulog in serveral of our HPUX 11.23 boxes. The sulog file gets filled with lots of supposed su's (root to root and root to oracle), which nobody are doing. It there must be some process accesing writing on the file but i can't find it, fuser on /var/adm/sulog (even every second) returns nothing. ¿How can I find the culprit?
SU 06/25 12:45 + tty?? root-root
SU 06/25 12:45 + tty?? root-oracle
SU 06/25 12:50 + tty?? root-oracle
SU 06/25 12:55 + tty?? root-oracle
SU 06/25 12:59 + tty?? root-oracle
SU 06/25 12:59 + tty?? root-oracle
SU 06/25 13:00 + tty?? root-root
SU 06/25 13:00 + tty?? root-oracle
SU 06/25 13:05 + tty?? root-oracle
SU 06/25 13:10 + tty?? root-oracle
SU 06/25 13:15 + tty?? root-root
SU 06/25 13:15 + tty?? root-oracle
SU 06/25 13:19 + tty?? root-oracle
SU 06/25 13:19 + tty?? root-oracle
SU 06/25 13:20 + tty?? root-oracle
SU 06/25 13:25 + tty?? root-oracle
SU 06/25 13:30 + tty?? root-root
SU 06/25 13:30 + tty?? root-oracle
SU 06/25 13:35 + tty?? root-oracle
SU 06/25 13:39 + tty?? root-oracle
SU 06/25 13:39 + tty?? root-oracle
SU 06/25 13:40 + tty?? root-oracle
SU 06/25 13:45 + tty?? root-root
SU 06/25 13:45 + tty?? root-oracle
SU 06/25 13:50 + tty?? root-oracle
SU 06/25 13:55 + tty?? root-oracle
SU 06/25 13:59 + tty?? root-oracle
SU 06/25 13:59 + tty?? root-oracle
SU 06/25 14:00 + tty?? root-root
Regards.
Solved! Go to Solution.
- Tags:
- su
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-25-2012 06:25 AM
06-25-2012 06:25 AM
Re: Strange issue with /var/adm/sulog.
You see this kind of log entries when you have an enterprise job scheduler in place. The scheduler runs as a root daemon and every job executed uses su to become the user in the job definition. Do you have a job scheduler installed on this server?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-26-2012 12:32 AM
06-26-2012 12:32 AM
Re: Strange issue with /var/adm/sulog.
Hi,
Yeah, we have a Control-M server and the agent is installed in this box. I've stopped the Control-M just for trying and the sulog file kept filling with the same entries.... so i can't be that, huh?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-26-2012 12:37 AM
06-26-2012 12:37 AM
Re: Strange issue with /var/adm/sulog.
I mean i stopped the Control-M agent in the "affected" machine and the logging didnt stop.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-26-2012 10:37 AM
06-26-2012 10:37 AM
Re: Strange issue with /var/adm/sulog.
>I stopped the Control-M agent
Do you still use cron?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-27-2012 01:45 AM
06-27-2012 01:45 AM
Re: Strange issue with /var/adm/sulog.
Yeah, there are some cron entries set up in this box but, I've checked all of them and there's no "su" command in any of the scripts involved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-28-2012 02:10 AM
06-28-2012 02:10 AM
Re: Strange issue with /var/adm/sulog.
Bump!
Anyone willing to help with this problem??
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-28-2012 08:32 AM
06-28-2012 08:32 AM
Re: Strange issue with /var/adm/sulog.
"Brute force" method:
Move the su command temporarily to a different name:
# mv /bin/su /bin/su.disabled
Then wait and see what (if anything) stops working.
Once you've found the cause, move the su command back the way it was.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-29-2012 06:14 AM
06-29-2012 06:14 AM
SolutionYou said you stopped the agent and it kept happening. That’s because jobs are queued in advance. You would have to leave the agent off for an extended period and stop processing jobs on that host. I've used both of those job control systems for years and this is normal behavior. As I mentioned before the job scheduling agent runs as root and uses su to become the defined user for every job it launches. Every su gets logged by the system. If the size of the file is an issue then you may want to roll and compress the log more often.
If you need more detail on why it's happening, you may want to call you Control-M support center.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-03-2012 12:34 AM
07-03-2012 12:34 AM
Re: Strange issue with /var/adm/sulog.
Thanks everybody for your answers. I accept the Control-M explanation so that's it, the size of the file is not a problem so far, it was just that we didnt know the origin of those number of entries and we were scratching our heads lol