/var/adm/messages not updating | Unix Linux Forums | Solaris

  Go Back    

Solaris The Solaris Operating System, usually known simply as Solaris, is a Unix-based operating system introduced by Sun Microsystems. The Solaris OS is now owned by Oracle.

/var/adm/messages not updating


Closed Thread    
Thread Tools Search this Thread Display Modes
Old 03-31-2010
mmletzko mmletzko is offline
Registered User
Join Date: Mar 2010
Last Activity: 9 September 2010, 2:10 PM EDT
Posts: 5
Thanks: 0
Thanked 1 Time in 1 Post
/var/adm/messages not updating

This is Solaris 10.

I have devices sending syslog, but the /var/adm/messages file is not updating anymore. Here's what I did when it stopped. I wanted to change the location of where the messages are being logged to a SAN drive.

1) Made a backup of syslog.conf
2) Edited the file to change the 2 lines sending messages to /var/adm/messages to another path (maintaining the correct tabs, etc)
3) Refreshed the service using the "kill -HUP <pid>" command

If I try to restart the service using the the command "svcadm restart svc:/system/system-log:default", I see this error in the messages file:

Mar 31 14:02:29 tnsp03350 syslogd: going down on signal 15
Mar 31 14:02:29 tnsp03350 syslogd: Unable to bind syslog port for

Does this mean anything?

I can use the logger command to successfully write to the file.

I also rotated the messages file by renaming it, creating a new one, then refreshing the service - that hasn't helped either.

Any help would be appreciated.

Sponsored Links
Old 03-31-2010
methyl methyl is offline Forum Advisor  
Join Date: Mar 2008
Last Activity: 26 December 2014, 10:07 PM EST
Posts: 6,396
Thanks: 287
Thanked 673 Times in 642 Posts
Please post the contents of syslog.conf before and after the change.

If (and only if) the new syslog.conf is valid, are you in a position to reboot the server?

Btw. There are established techniques for dealing with the size of /var/adm/messages . Giving it space to grow unbounded is not one of them. Renaming the file is not one either. You are dealing with an open file from an active process.

On most systems the system logging process will fail if the log file tries to exceed 2 Gb or if /var/adm runs out of disc space.

How big is the original /var/adm/messages file which may have prompted you to try to relocate the log?

Last edited by methyl; 03-31-2010 at 08:22 PM.. Reason: assorted clarifications
Sponsored Links
Old 03-31-2010
naw_deepak naw_deepak is offline
Registered User
Join Date: Oct 2008
Last Activity: 30 September 2013, 1:53 PM EDT
Location: New Delhi, India
Posts: 167
Thanks: 1
Thanked 0 Times in 0 Posts
Make sure that syslogd daemon is having sufficient permission to write on the file which you created instead /var/adm/messages.

Old 04-01-2010
incredible incredible is offline Forum Advisor  
Registered User
Join Date: May 2008
Last Activity: 24 August 2014, 5:15 AM EDT
Location: SINGAPORE.. The "FINE" City
Posts: 2,693
Thanks: 1
Thanked 19 Times in 19 Posts
Any recent activities like OS hardening, etc done prior to this problem? what are the directory and file permissions? default values?
Sponsored Links
Old 04-01-2010
mmletzko mmletzko is offline
Registered User
Join Date: Mar 2010
Last Activity: 9 September 2010, 2:10 PM EDT
Posts: 5
Thanks: 0
Thanked 1 Time in 1 Post
/var/adm/messages not updating

The messages file was over 600mb. Plenty of room on disk.

I submitted a request to have the box rebooted.

The syslog.conf file below is what's in place right now. Not sure if this is original - Splunk was installed on this box so it may have changed it.

After I backed it up, the only changes I made to this file were the 2 paths highlighted in red. Here is the original - my change was simply just a new path - with the tabs retained.

#ident  "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
# syslog configuration file.
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words.  Also, within ifdef's, arguments
# containing commas must be quoted.
*.err;kern.notice;auth.notice                   /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages
*.alert;kern.err;daemon.err                     operator
*.alert                                         root
*.emerg                                         *
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)
mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
ifdef(`LOGHOST', ,
user.err                                        /dev/sysmsg
user.err                                        /var/adm/messages
user.alert                                      `root, operator'
user.emerg                                      *

From googling, I read that one of the correct ways to do this was to rename or copy the messages file, then restart the service which is what I did. This is one of the links I used as a guide, although there were many:

Solaris System Admin tips: /var/adm/messages

I'm sure there was some hardening done, but that would have been done before I got access to the box. SYSLOG WAS working, right up until the point where I tried to make the change.

Here are the permissions of the files in the folder:

drwxrwxr-x 5 adm adm 5 Feb 10 15:13 acct
-rw------- 1 uucp bin 0 Aug 25 2008 aculog
drwxr-xr-x 2 adm adm 2 Mar 3 2009 exacct
-r--r--r-- 1 root root 14302092 Apr 1 15:40 lastlog
drwxr-xr-x 2 adm adm 2 Mar 3 2009 log
-rw-r--r-- 1 root root 0 Mar 31 15:38 messages
-rw-r--r-- 1 root root 502826 Mar 26 03:04 messages.0
-rw-r--r-- 1 root root 6971261 Mar 19 03:07 messages.1
-rw-r--r-- 1 root root 618895 Mar 11 03:09 messages.2
-rw-r--r-- 1 root root 1330218 Mar 4 03:00 messages.3
drwxr-xr-x 2 root sys 2 Mar 3 2009 pool
drwxrwxr-x 2 adm sys 2 Mar 3 2009 sa
-r-------- 1 root root 110 Mar 18 22:04 setpass.log
drwxr-xr-x 2 root sys 2 Mar 3 2009 sm.bin
-rw-rw-rw- 1 root bin 0 Aug 25 2008 spellhist
drwxr-xr-x 2 root sys 2 Mar 3 2009 streams
-rw------- 1 root nhbw13t 4493 Apr 1 08:55 sudo.log
-rw------- 1 root root 216 Mar 25 15:37 sulog
-rw-r--r-- 1 root root 0 Feb 10 15:45 syslog
-rw-r--r-- 1 root bin 3348 Apr 1 12:40 utmpx
-rw-r--r-- 1 root root 0 Mar 3 2009 vold.log
drwxr-xr-x 2 root sys 6 Mar 8 14:35 vx
-rw-r--r-- 1 adm adm 630540 Apr 1 15:40 wtmpx

Thanks for the input guys!
The Following User Says Thank You to mmletzko For This Useful Post:
Victorio-P (11-07-2012)
Sponsored Links
Old 04-01-2010
mmletzko mmletzko is offline
Registered User
Join Date: Mar 2010
Last Activity: 9 September 2010, 2:10 PM EDT
Posts: 5
Thanks: 0
Thanked 1 Time in 1 Post
Formatting correction

Sorry for the formatting of the syslog.conf in the message - I'm not sure how to get it to look like the original. I attached it instead.
Attached Files
File Type: txt syslog.conf.txt (1.3 KB, 14 views)
Sponsored Links
Old 04-01-2010
solaris_user solaris_user is offline
Registered User
Join Date: Aug 2009
Last Activity: 20 September 2014, 12:21 PM EDT
Location: Croatia
Posts: 440
Thanks: 32
Thanked 18 Times in 17 Posts
Try to redirect errors on central server

The Blog of Ben Rockwood

please give me output from

du -h /var/log

df -k /var/log

Do you have dual mount point : one for /var and one for /root ?
Sponsored Links
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Help understanding [daemon.warning] messages in /var/adm/messages jpg.2009 Solaris 1 06-13-2009 06:43 PM
/var/log/messages and secure not updating z1dane Red Hat 3 03-23-2009 09:23 AM
Info req: /var/adm/messages - Kern.warning - different ID messages Petrucci Solaris 1 12-04-2008 01:30 PM
awk updating one file with another, comparing, updating mecano Shell Programming and Scripting 11 09-14-2008 07:50 AM

All times are GMT -4. The time now is 06:18 AM.