Login or Register to Ask a Question and Join Our Community


Solaris

/var/log/syslog

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris /var/log/syslog
# 1  
Old 02-16-2010
/var/log/syslog
Hi,
Solaris : 9
I noticed /var/log/syslog message file growing fast in abnormal way since 4 or 5 days. due to this my root / filesystem is getting filled with 100% .

Code:
root $ls -ltr
total 4683730
-rwxrwxrwx   1 root     sys            0 Oct 17  2005 authlog
-rwxrwxrwx   1 root     other        254 Oct 17  2005 sysidconfig.log
-rwxrwxrwx   1 root     sys      232392781 Dec 22 03:07 syslog.7
-rwxrwxrwx   1 root     sys      234862215 Dec 29 03:07 syslog.6
-rwxrwxrwx   1 root     sys      237526516 Jan  5 03:08 syslog.5
-rwxrwxrwx   1 root     sys      239885061 Jan 12 03:08 syslog.4
-rwxrwxrwx   1 root     sys      242073740 Jan 19 03:08 syslog.3
-rwxrwxrwx   1 root     sys      244402872 Jan 26 03:08 syslog.2
-rwxrwxrwx   1 root     sys      872775680 Feb 12 19:40 syslog.0
-rwxrwxrwx   1 root     sys      92855508 Feb 16 10:26 syslog

appreciate an early response.

Regards
Last edited by zaxxon; 02-16-2010 at 03:31 AM.. Reason: use code tags please, ty
# 2  
Old 02-16-2010
Check the /etc/default/syslogd file.

Here disable the LOG_FROM_REMOTE

ie

Code:
LOG_FROM_REMOTE=NO

# 3  
Old 02-16-2010
The OS is badly trying to tell you something. Have a look at these files content to see what it is. You can then safely remove the syslog.[0-7] files. Fix the issue at the origin of the messages.
# 4  
Old 02-17-2010
Dear All,

amitranjansahu:
i checked the entry so i dont think this is issue.
#LOG_FROM_REMOTE=YES

1) can we delete the files from this location /var/spool/clientmqueue and any impact on other things with deletion of this files.

2)Last lines of syslog entries., expecting some early response this is our production machine.


Code:
Feb 17 09:44:22 DBSERVER sendmail[10896]: [ID 801593 mail.info] o1DL750u028621: to=postmaster, delay=3+04:39:40, xdelay=00:00:00, mailer=relay, pri=23613203, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:22 DBSERVER sendmail[5106]: [ID 801593 mail.info] o1DIq50j002300: to=postmaster, delay=3+07:44:34, xdelay=00:00:00, mailer=relay, pri=24513203, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:22 DBSERVER sendmail[12060]: [ID 801593 mail.info] o1DBb5Ah006054: to=postmaster, delay=3+17:50:12, xdelay=00:00:00, mailer=relay, pri=27213203, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:22 DBSERVER sendmail[17490]: [ID 801593 mail.info] o1G9b711016315: to=postmaster, delay=03:08:41, xdelay=00:00:00, mailer=relay, pri=1023210, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:22 DBSERVER sendmail[2162]: [ID 801593 mail.info] o1DHM513015134: to=root, delay=3+09:51:48, xdelay=00:00:00, mailer=relay, pri=25141539, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:22 DBSERVER sendmail[21598]: [ID 801593 mail.info] o1F5b613020595: to=root, delay=1+11:50:23, xdelay=00:00:00, mailer=relay, pri=11011541, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:22 DBSERVER sendmail[6202]: [ID 801593 mail.info] o1DBb52J006054: to=postmaster, delay=3+18:04:36, xdelay=00:00:00, mailer=relay, pri=27303203, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:22 DBSERVER sendmail[19626]: [ID 801593 mail.info] o1EE760c020134: to=postmaster, delay=2+06:50:28, xdelay=00:00:00, mailer=relay, pri=16863206, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:22 DBSERVER sendmail[26380]: [ID 801593 mail.info] o1DEq51K016007: to=root, delay=3+13:27:03, xdelay=00:00:00, mailer=relay, pri=26311539, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:23 DBSERVER sendmail[26910]: [ID 801593 mail.info] o1C67315010917: to=root, delay=4+21:18:49, xdelay=00:00:00, mailer=relay, pri=27751539, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:23 DBSERVER sendmail[15193]: [ID 801593 mail.info] o1FGb711001496: to=root, delay=22:49:05, xdelay=00:00:00, mailer=relay, pri=7051541, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:23 DBSERVER sendmail[15857]: [ID 801593 mail.info] o1DAq57L026800: to=postmaster, delay=3+18:04:57, xdelay=00:00:00, mailer=relay, pri=26493203, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:23 DBSERVER sendmail[29474]: [ID 801593 mail.info] o1E4b50a025561: to=root, delay=2+18:40:16, xdelay=00:00:00, mailer=relay, pri=20551539, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:23 DBSERVER sendmail[28344]: [ID 801593 mail.info] o1EI760i006522: to=postmaster, delay=2+01:53:55, xdelay=00:00:00, mailer=relay, pri=15423210, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:23 DBSERVER sendmail[23685]: [ID 801593 mail.info] o1E27511026795: to=root, delay=2+21:52:28, xdelay=00:00:00, mailer=relay, pri=21541539, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:23 DBSERVER sendmail[20468]: [ID 801593 mail.info] o1GAM70w024852: to=postmaster, delay=02:24:55, xdelay=00:00:00, mailer=relay, pri=843210, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:23 DBSERVER sendmail[23555]: [ID 801593 mail.info] o1DEb51N013105: to=postmaster, delay=3+13:48:17, xdelay=00:00:00, mailer=relay, pri=26313203, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:23 DBSERVER sendmail[255]: [ID 801593 mail.info] o1DBM585003027: to=postmaster, delay=3+18:03:07, xdelay=00:00:00, mailer=relay, pri=26145712, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:23 DBSERVER sendmail[11078]: [ID 801593 mail.info] o1E9b50a025662: to=root, delay=2+12:26:38, xdelay=00:00:00, mailer=relay, pri=18661539, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Feb 17 09:44:23 DBSERVER sendmail[9443]: [ID 801593 mail.info] o1FDq70q029956: to=root, delay=1+02:09:01, xdelay=00:00:00, mailer=relay, pri=8131541, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]


Regards
Last edited by pludi; 02-17-2010 at 03:33 AM.. Reason: code tags, please...
# 5  
Old 02-17-2010
whatever you want to remove or housekeep, ensure you have a backup. how critical is sendmail used in your environment? can you turn it off?
You should also look everywhere in the OS where that could be huge culprits resting in there.
# 6  
Old 02-17-2010
Hi Incredible,

thanks for your reply ,
1)what ever you want to remove or housekeep ,
I would like to know whether this files are critical i mean to ask like /tmp logfiles, we can delete . apologize for asking basic question.

2)how critical is sendmail used in your environment? can you turn it off?
we are running Oracle 9.2 database on this server.

need your suggestions in which area should i start investigation.

Regards
# 7  
Old 02-17-2010
Backup... That's a very impt thing.
Then remove all contents under /tmp (anyway, they will go off after a reboot)
cd /var/crash/`hostname` <--- check if there are any coredump files in there, if yes remove.
cd /
du -sk * |sort -rn |head
see which directory shows highest usage and narrow down from there.
Remove old logs.. Logs which are not used by apps and will not be used, i they are big, zip/compress them.
reverify df -k .
Lastly, let us know the progress Smilie
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Transfer the logs being thrown into /var/log/messages into another file example /var/log/volumelog

I have been searching and reading about syslog. I would like to know how to Transfer the logs being thrown into /var/log/messages into another file example /var/log/volumelog. tail -f /var/log/messages dblogger: msg_to_dbrow: no logtype using missing dblogger: msg_to_dbrow_str: val ==... (2 Replies)
Discussion started by: kenshinhimura
2 Replies

2. Shell Programming and Scripting

Log all the commands input by user at real time in /var/log/messages

Below is my script to log all the command input by any user to /var/log/messages. But I cant achieve the desired output that i want. PLease see below. function log2syslog { declare COMMAND COMMAND=$(fc -ln -0) logger -p local1.notice -t bash -i -- "$USER:$COMMAND" } trap... (12 Replies)
Discussion started by: invinzin21
12 Replies

3. Programming

Openlog and syslog in red-hat Linux doesn't write any thing to /var/log/*

Using redhat 64 bit ver 6.2 I have simple c++ app that is trying to write to syslog like this: /* try to write massage into linux log */ void foo::writeToSyslog() { openlog("testlogfoo", 0, 24); // Send the message. ... (1 Reply)
Discussion started by: umen
1 Replies

4. Solaris

Understanding /var/log/syslog.* logfiles solaris 8

hi guys, This is a log from a Solaris 8 server /var/log/syslog.* file. Can any body please confirm whether the meaning of the last two words (Mail accepted) means the mail has been delivered? Because the email id the mail was sent to is invalid. :confused: The log is: Feb 18 08:55:45... (2 Replies)
Discussion started by: raj_55555
2 Replies

5. HP-UX

Script to monitor /var/opt/resmon/log/event.log file

AM in need of some plugin/script that can monitor HP-UX file "/var/opt/resmon/log/event.log" . Have written a scrip in sh shell that is working fine for syslog.log and mail.log as having standard format, have interrogated that to Nagios and is working as I required . But same script failed to... (3 Replies)
Discussion started by: Shirishlnx
3 Replies

6. Shell Programming and Scripting

How can view log messages between two time frame from /var/log/message or any type of log files

How can view log messages between two time frame from /var/log/message or any type of log files. when logfiles are very big and especially many messages with in few minutes, I would like to display log messages between 5 minute interval. Could you pls give me the command? (1 Reply)
Discussion started by: johnveslin
1 Replies

7. Solaris

Difference between /var/log/syslog and /var/adm/messages

Hi, Is the contents in /var/log/syslog and /var/adm/messages are same?? Regards (3 Replies)
Discussion started by: vks47
3 Replies

8. Solaris

Changing of syslog file path instead of /var/log directory

Hi Please let me know how can we change the syslog file path from /var/log to /a directory in solaris Regards (4 Replies)
Discussion started by: amity
4 Replies

9. UNIX for Advanced & Expert Users

/var/adm/messages vs /var/log/messages

The /var/adm/messages in Solaris seem to log more system messages/errors compared to /var/log/messages in Linux. I checked the log level in Linux and they seem OK. Is there any other log file that contains the messages or is it just that Linux doesn't log great many things? (2 Replies)
Discussion started by: gomes1333
2 Replies

10. Solaris

diff b/w /var/log/syslog and /var/adm/messages

hi sirs can u tell the difference between /var/log/syslogs and /var/adm/messages in my working place i am having two servers. in one servers messages file is empty and syslog file is going on increasing.. and in another servers message file is going on increasing but syslog file is... (2 Replies)
Discussion started by: tv.praveenkumar
2 Replies
Login or Register to Ask a Question