Login or Register to Ask a Question and Join Our Community


Problems with logadm / syslog in Sol 9/10


 
Thread Tools Search this Thread
Operating Systems Solaris Problems with logadm / syslog in Sol 9/10
# 1  
Old 10-29-2008
Problems with logadm / syslog in Sol 9/10

Hello folks,

I've been making some changes to logadm.conf, but I'm not getting quite the results that I'm expecting

Code:
/var/log/pool/poold -a 'pkill -HUP poold; true' -N -s 512k
/var/svc/log/*.log -C 8 -N -s 1m
/var/adm/messages -a 'pkill -HUP `cat /var/run/syslog.pid`' -C 8 -s 10m
/var/adm/pacct -a 'usr/lib/acct/accton pacct' -C 0 -g adm -m 664 -N -o adm -p never
/var/cron/log -c -s 512k -t /var/cron/olog
/var/fm/fmd/errlog -M '/usr/sbin/fmadm -q rotate errlog && mv /var/fm/fmd/errlog.0- $nfile' -N -s 2m
/var/fm/fmd/fltlog -A 6m '/usr/sbin/fmadm -q rotate fltlog && mv /var/fm/fmd/fltlog.0- $nfile' -N -s 10m
/var/log/syslog -a 'kill -HUP `cat /var/run/syslog.pid`' -C 8 -s 10m
/var/lp/logs/lpsched -C 8 -N -t '$file $N'
/var/adm/spellhist -N -s 512k -t /var/adm/spellhist.old
/var/adm/sulog -C 8 -N -s 512k
/var/adm/vold.log -N -s 256k -t /var/adm/vold.log.old
/var/adm/wtmpx -N -p never -s 5m -t /var/adm/wtmpx.old
/var/saf/_log -C 8 -N -s 256k
/var/saf/zsmon/log -C 8 -N -s 256k
/var/log/authlog -a 'kill -HUP `cat /var/run/syslog.pid`' -C 8 -N -s 256k
/var/log/kernlog -a 'kill -HUP `cat /var/run/syslog.pid`' -C 8 -N -s 512k
/var/log/userlog -a 'kill -HUP `cat /var/run/syslog.pid`' -C 8 -N -s 512k
/var/log/daemonlog -a 'kill -HUP `cat /var/run/syslog.pid`' -C 8 -N -s 512k
/var/adm/loginlog -a 'kill -HUP `cat /var/run/syslog.pid`' -C 8 -N -s 512k
/var/log/maillog -a 'kill -HUP `cat /var/run/syslog.pid`' -C 0 -N -s 512m

But, the logs aren't rotating based on size as expected (of specific concern are maillog, messages, authlog and wtmpx)

Yes, I do restart the daemon after each modification

I'm sure that I'm missing something simple, but I'm just not seeing it...
# 2  
Old 10-30-2008
What do you want to achieve?
# 3  
Old 10-30-2008
I'm hoping to see my logs rotate based on exceeding the size limitation. Failing this, I'll need to switch to date based rotation.
# 4  
Old 10-31-2008
Have you actually made use of the syslog.conf file ?
#ident "@(#)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages

*.alert;kern.err;daemon.err operator
*.alert root

*.emerg *

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)

mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)

#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err /dev/sysmsg
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *
)
# 5  
Old 10-31-2008
syslog.conf:
Code:
#ident  "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words.  Also, within ifdef's, arguments
# containing commas must be quoted.
################################################################################

### Alerts to users:
*.emerg                                 *
*.alert;kern.notice                     root, operator
################################################################################

### Alerts to file only
auth.err                                /var/log/authlog
mail.info                               /var/log/maillog
*.notice                                /var/adm/messages
### ORACLE database servers (Fujitsu hardware):
*.debug;user.info;mark,syslog.debug     /opt/SMAW/SMAWlog3/syslogd_pipe
################################################################################

### Alerts to file and loghost
*.err;auth.notice;kern.debug            ifdef(`LOGHOST', /var/adm/messages, @loghost)
kern.info                               ifdef(`LOGHOST', /var/log/kernlog, @loghost)
user.info                               ifdef(`LOGHOST', /var/log/userlog, @loghost)
daemon.info                             ifdef(`LOGHOST', /var/log/daemonlog, @loghost)
auth.info                               ifdef(`LOGHOST', /var/log/authlog, @loghost)
cron.info                               ifdef(`LOGHOST', /var/log/cronlog, @loghost)
################################################################################

Some applications are writing to files directly...
# 6  
Old 10-31-2008
Run "logadm -vn" to get verbose output without changing any log files. That might help troubleshoot this.
# 7  
Old 11-03-2008
Here are the results of logadm -vn:
Code:
bash-3.00# logadm -vn
# loading /etc/logadm.conf
# processing logname: /var/log/pool/poold
#     using default expire rule: -C10
#     using default template: $file.$n
# processing logname: /var/svc/log/*.log
#     using default template: $file.$n
# processing logname: /var/adm/messages
#     using default template: $file.$n
# processing logname: /var/adm/pacct
#     using default template: $file.$n
# processing logname: /var/cron/log
#     using default expire rule: -C10
# processing logname: /var/fm/fmd/errlog
#     using default expire rule: -C10
#     using default template: $file.$n
# processing logname: /var/fm/fmd/fltlog
#     using default template: $file.$n
# processing logname: /var/log/syslog
#     using default template: $file.$n
# processing logname: /var/lp/logs/lpsched
#     using default rotate rules: -s1b -p1w
# processing logname: /var/adm/spellhist
#     using default expire rule: -C10
# processing logname: /var/adm/sulog
#     using default template: $file.$n
# processing logname: /var/adm/vold.log
#     using default expire rule: -C10
# processing logname: /var/adm/wtmpx
#     using default expire rule: -C10
# processing logname: /var/saf/_log
#     using default template: $file.$n
# processing logname: /var/saf/zsmon/log
#     using default template: $file.$n
# processing logname: /var/log/authlog
#     using default template: $file.$n
# processing logname: /var/log/kernlog
#     using default template: $file.$n
# processing logname: /var/log/userlog
#     using default template: $file.$n
# processing logname: /var/log/daemonlog
#     using default template: $file.$n
# processing logname: /var/adm/loginlog
#     using default template: $file.$n
# processing logname: /var/log/maillog
#     using default template: $file.$n
# /etc/logadm.conf unchanged

Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

Can't execute logadm proberly

Hello, I am trying to rotate my logs using logadm, so I did the following logadm -w /traces/mylogs.out -C 5 -p 1d -o user -g group -m 644 -c -t '/traces/mylogs.out.$n' -z 1 and then tried to test it by logadm -v and it gets stuck at truncation step # processing logname: /traces/mylogs.out... (5 Replies)
Discussion started by: eng_asa
5 Replies

2. Solaris

How to logrotate a file after X days with logadm?

Hi Guys - We have the /var/adm/pacct file currently configured to log rotate using logadm - here is the entry in logadm.conf: /var/adm/pacct -C 0 -N -P 'Wed Oct 23 08:00:00 2013' -a '/usr/lib/acct/accton pacct' -g adm -m 664 -o adm -p never Just want to ask if it would like possible to... (1 Reply)
Discussion started by: akaterasu
1 Replies

3. Shell Programming and Scripting

Logadm

I need to delete the logs using logadm command. we have application that generates to logs automatically with different dates every day like error_20121121.log and so on... using lodadm can i delete the logs of last 10 days using crontabentry? i am confuse here becasue if we use logadm what... (1 Reply)
Discussion started by: phani4u
1 Replies

4. Solaris

logadm rotates log every time

I'm running logadm manually to test and it seems to be rotating my /var/log/oracle/oracle_audit.log file every single time it's ran instead of rotating once it gets passed 10 gigs, any ideas? Here's the logadm.conf for reference. (0 Replies)
Discussion started by: thmnetwork
0 Replies

5. Solaris

LOGADM

Dear experts. I was wondering if logadm preserves ACL setuped on for instance, /var/log/authlog. From man : ...by creating an empty file whose owner, group ID, and permissions match the original file.... Is this ACL inclusive or i need to use -a option (run cmd after... (1 Reply)
Discussion started by: Peasant
1 Replies

6. Solaris

JASS - upgrading from Sol 9 to Sol 10

Do I need to reinstall/rerun JASS after upgrading from Sol9 to Sol10? Just wondered if the upgrade procedure overwrote any of the settings etc? (0 Replies)
Discussion started by: psychocandy
0 Replies

7. Solaris

Couple logadm questions

My logadm.conf is below. Is there a way to match a log file that appends the time/date stamp after the log file? Also, a 0 is being appended onto the files I'm compressing and having rotated. Is there a way to fix that? /var/apache/tomcat55/logs/catalina.out -C 30 -P 'Fri Jun 18 16:48:55... (5 Replies)
Discussion started by: LittleLebowski
5 Replies

8. UNIX for Advanced & Expert Users

luupgrade: Sol 8 -> Sol 10 u7 (5/09)

Greetings Forumers! I ran into an issue after running luupgrade on v880 running Solaris 8. I want to upgrade to Solaris 10. When I rebooted the system I noticed the file systems listed as such: # df -h Filesystem size used avail capacity Mounted on /dev/dsk/c1t1d0s0 ... (2 Replies)
Discussion started by: bluescreen
2 Replies

9. Solaris

logadm

I have a log file that I want to rotate each day without keeping old copies. how to achieve that? thx (3 Replies)
Discussion started by: melanie_pfefer
3 Replies

10. Solaris

logadm package

Does anyone know what package logadm is part of? It's not on my Solaris 9 machine, I presume because I only have a core installation. But I'd like to ad it. Any help would be appreciated. (1 Reply)
Discussion started by: syscity
1 Replies
Login or Register to Ask a Question

Featured Tech Videos