Today (Saturday) We will make some minor tuning adjustments to MySQL.

You may experience 2 up to 10 seconds "glitch time" when we restart MySQL. We expect to make these adjustments around 1AM Eastern Daylight Saving Time (EDT) US.


Problem with logrotation


Login or Register to Reply

 
Thread Tools Search this Thread
# 1  
Problem with logrotation

Hi,

I have been trying to configure log rotation for the OS version Solaris 10, however it is not working.
In Linux, these would be the parameters :

Code:
rotate 4
missingok
notifempty
compress
size 15M
create 0644 root root

To do the same in Solaris, I am not sure of the exact parameters to use to match the ones above, but the basic configuration I did was :

Code:
# vi /etc/logadm.conf 

#### SIEM logs #####
/var/log/dbaudit.log -C 4 -s 15m

However, after I restart syslog :

Code:
# svcadm restart system/system-log

I still do not see dbaudit.log generated in /var/log. All the logging goes to audit.log. How do I prevent this, and instead make the logs generate in dbaudit.log?
I want to force logrotation to see if it works :
Code:
# logadm -p now /var/log/dbaudit.log

But if the log is not even there, how do I logrotate?

This is the syslog.conf file :

Code:
root@edms # less /etc/syslog.conf
#ident  "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words.  Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice                   /dev/sysmsg
*.err;auth.info;kern.debug;daemon.notice;mail.crit      /var/adm/messages

*.alert;kern.err;daemon.err                     operator
*.alert                                         root
local1.warn                                     /var/log/audit.log
local1.warning                                  /var/log/dbaudit.log
*.info;auth.info                                @loghost
*.emerg                                         *

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)

mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)

#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err                                        /dev/sysmsg
user.err                                        /var/adm/messages
user.alert                                      `root, operator'
user.emerg                                      *
)

############# SIEM testing purpose ###################
.       @10.89.4.233
######################################################
(END)


Last edited by anaigini45; 02-14-2019 at 11:30 PM..
# 2  
First of all, the /etc/syslog.conf file needs TABs to separate columns, not space characters.
Test with
Code:
grep '^[^#].*  ' /etc/syslog.conf

Must be empty. Otherwise correct with a text editor
(vi has the useful commands :set list and :set nolist)

Maybe syslogd does not create its log files. Manually create it with
Code:
touch /var/log/dbaudit.log

Restart syslogd
Look who has opened the file with
Code:
fuser /var/log/dbaudit.log

Must be the syslogd.

The logadm is optional.
I think it only rotates if the target file is present.
# 3  
Ok, the logs are generated after I touch dbaudit.log.
And the output of
Code:
grep '^[^#].*  ' /etc/syslog.conf

is empty.

However, now how do I make logrotation work?

I tried running the command
Code:
logadm -p now /var/log/dbaudit.log

however logs not rotated :

Code:
-rw-r--r--   1 root     root     41236362 Feb 18 09:48 audit.log
-rw-r--r--   1 root     root       10507 Feb 18 09:48 dbaudit.log
root@edms # pwd
/var/log
root@edms #

# 4  
The -p now overrides a -p in /etc/logadm.conf or the default -p 1w,
but you also need -s 0b to override a -s in /etc/logadm.conf or the default -s 1b.
Login or Register to Reply

|
Thread Tools Search this Thread
Search this Thread:
Advanced Search

More UNIX and Linux Forum Topics You Might Find Helpful
sed Or Grep Problem OR Terminal Problem?
Nexeu
I don't know if you guys get this problem sometimes at Terminal but I had been having this problem since yesterday :( Maybe I overdid the Terminal. Even the codes that used to work doesn't work anymore. Here is what 's happening: * I wanted to remove lines containing digits so I used this...... UNIX for Dummies Questions & Answers
25
UNIX for Dummies Questions & Answers
Logrotation
phani4u
Hi , We have so many log files which will increase the size day by day.. can any one let us know how to rotate the log files.. I want to move the logfile to other location after particular time and size of the log file is there any script to change these??... Shell Programming and Scripting
2
Shell Programming and Scripting
Problem with forwarding emails (SPF problem)
carwe
Hi, This is rather a question from a "user" than from a sys admin, but I think this forum is apropriate for the question. I have an adress with automatic email forwarding and for some senders (two hietherto), emails are bouncing. This has really created a lot of problems those two time so I...... IP Networking
0
IP Networking
Need help with logrotation
renuka
Hi I need help in rotating logs. A folder /tftpboot holds following directories, these directories are created everyday automatically, these are backup folders, that is they hold backup of data. drwxr-xr-x 2 phone phone 4096 Nov 1 13:19 1nov09.bkp drwxr-xr-x 2 phone phone 4096 Nov...... Fedora
4
Fedora
user login problem & Files listing problem.
pernasivam
1) when user login to the server the session got colosed. How will resolve? 2) While firing the command ls -l we are not able to see the any files in the director. but over all view the file system using the command df -g it is showing 91% used. what will be the problem? Thanks in advance.... AIX
1
AIX

Featured Tech Videos