UNIX for Dummies Questions & Answers

I have just "inherited" a Solaris box and there are a couple of problems, I think I have worked out what they are but I have no idea how to fix.

Basically login is very slow (system performance is good though) and I have a program that writes its errors to the syslog, which has stopped working.

So I am pretty sure that it is a syslog thing, I believe that it was set up to record all the syslog entries to a central host (before I got it) and it is still trying to do that, but cant so login, etc are taking longer.

I have tried looking through the man pages but I cant see anything obvious in the config files. Any Ideas?

Check the /etc/syslog.conf and read the man page on syslogd - there may be things it is sending to the log file that you can turn off.

There is also a script from SUN loaded on the system (normally) that you can set up to run from crontab (root).
/usr/lib/newsyslog

Log on to the box. Let's say that your user name is warrend. Do a "ps -fu warrend" and note the processes that are running. Next open another window and login again to the box. While it is stalled, do another "ps -fu warrend" and see what changed. We need the name of the program where the delay is taking place.

My guess is that you are stalling while checking the quotas of an nfs mounted filesystem.

Ok done that, there are no NFS mounts (but thought it would be interesting).

Logged in once, ran ps -fu warrend (am I that predictable?), showed my shell, then opened up anouther window and logged in (vai ssh) prompts for username, then wait...... (did the ps -fu a few times, just showed the one shell) more waiting..... prompts for password, then ran ps -fu again and showed two shells.

the only major thing that I have done is move it from one site to anouther, changing the IP address in the proccess [hence why it cant find the suspected loghost].

dump of the syslog.conf

bash-2.05$ cat syslog.conf
#ident "@(#)syslog.conf 1.4 96/10/11 SMI" /* SunOS 5.0 */
#
# Copyright (c) 1991-1993, by Sun Microsystems, Inc.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice /dev/console
*.err;kern.debug;daemon.notice;mail.crit /var/adm/syslog

*.alert;kern.err;daemon.err operator
*.alert root

*.emerg *

# *.auth /var/log/authlog
authpriv.* /var/log/secure
*.info;mail.none;news.none;authpriv.none /var/log/messages

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)

mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)

#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err /dev/console
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *
)
#

Warren.

Well, now I have a new theory. 8)

When you login remotely, the login program can easily find your remote ip address. It then queries DNS to convert the ip address to a host name. It must do this while it is still root since the log files are only writable by root. Type "who", and I'll bet that your origin just shows up as an IP address. Now type "nslookup 123.123.123.123" or whatever the IP address actually is. I'll bet that command will stall too.

If my second theory is correct, you need to make sure that your reverse dns entry is in the dns server. And you need to make sure that /etc/resolv.conf has the ip addresses of the dns servers for your new location.