syslog configuration questions


Post by Ron Zcor » Thu, 23 Aug 2001 06:43:27



Hopefully several simple questions:

1) Why does the /usr/lib/newsyslog script have a "sleep 40" ?

Occasionally after modifying the syslog.conf file and using kill HUP to stop and
restart syslog - syslog is not restarted. Starting syslog with
"/etc/init.d/syslog start"  seems to work okay and the proper information is
logged.

2) Any guesses as to why this is happening?

3) Should I expect /usr/lib/newsyslog to execute and not restart newsyslog?

I have servers logging information locally and to a log server.

4) On the log server is there a way, using the syslog.conf file, to separate
the "log server" messages from the messages generated from the other servers?

Any information or suggestions would be appreciated.

 
 
 


Post by Mathew Kirsc » Fri, 24 Aug 2001 23:24:56



> 1) Why does the /usr/lib/newsyslog script have a "sleep 40" ?

> Occasionally after modifying the syslog.conf file and using kill HUP to stop and
> restart syslog - syslog is not restarted. Starting syslog with
> "/etc/init.d/syslog start"  seems to work okay and the proper information is
> logged.

A kill -HUP shouldn't make syslogd "go away" like that. All a HUP signal is
supposed to do is make the process re-read its configuration file. There is
most likely something wrong with your syslog.conf file.

> 2) Any guesses as to why this is happening?

Your syslog.conf file is incorrect maybe?
Your syslogd might also be broken. Check out the latest Recommended patch
cluster for your version of Solaris.

> 3) Should I expect /usr/lib/newsyslog to execute and not restart newsyslog?

No. Look at the logic of the script. There are no conditionals for starting or
not starting syslogd, just a kill -HUP. As I've said before, HUP is not
supposed to really kill syslogd.

> 4) On the log server is there a way, using the syslog.conf file, to separate
> the "log server" messages from the messages generated from the other servers?

Not with the syslog.conf file. However, the messages are all tagged with the
hostnames, so a simple grep will get you the messages on a per-server basis.
You can also set up a FIFO (named pipe?) and create a script that sorts the
log messages for you.
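
The per-host sorting suggested in the reply above, as an added example that is not part of the original posts: a POSIX shell function that appends each line of a combined log to a file named after the host that sent it. It assumes the traditional "Mon DD HH:MM:SS host tag: message" layout with the host in field 4; the names `split_by_host`, `sample_lines`, the `<host>.log` layout and the `_unparsed` bucket are choices made for this example, and the sample lines are constructed.

```shell
#!/bin/sh
# split_by_host OUTDIR
# Read classic syslog lines on stdin and append each one to OUTDIR/<host>.log.
split_by_host() {
    outdir=$1
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
    {
        host = $4
        # The host field comes from the message, so treat it as untrusted:
        # accept hostname characters only (no "/", no leading "."), so it
        # can never name a file outside dir. Short or odd lines are kept
        # in a separate bucket instead of being dropped.
        if (NF < 5 || host !~ /^[A-Za-z0-9][A-Za-z0-9._-]*$/)
            host = "_unparsed"
        file = dir "/" host ".log"
        print >> file
        # Close after every line: avoids running out of file descriptors
        # with many hosts and flushes promptly when stdin is a FIFO.
        close(file)
    }'
}

# Constructed sample input (not real log data): two hosts, a single-digit
# day, a hostile host field and a line that is not syslog at all.
sample_lines() {
    cat <<'EOF'
Aug 23 06:43:27 loghost sendmail[201]: starting daemon
Aug 23 06:43:29 web1 sshd[412]: connection from 192.0.2.10
Aug  3 06:44:02 web1 su: su root failed for ron on /dev/pts/1
Aug 23 06:44:10 ../../etc/cron.d/x in.telnetd[99]: connect
garbage line
EOF
}
```

Try it with `sample_lines | split_by_host ./by-host`; on a log server the input would be the combined log file or the FIFO mentioned in the reply.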

 
 
 

1. Tuning syslog/Syslog reporting/Syslog enhancement/replacements

Hello,

        I have been investigating using syslog's logging facilities. I have
currently set up our network to log to a central logging host. In my
preliminary attempts, I have set up syslog to dump everything to a single file,
which gets messy. I've sorted out the files now, and I have noticed that
certain applications such as telnetd and ftpd write to the LOG_MAIL facility.
Is there a way to alter the logging facility that they report to, or will I
have to have modified binaries to handle this? I'm mostly concerned with our
AIX machines but we also have HPUX, Sunos/Solaris, and OSF. I could very well
have it dump all information and sort out the data based on rules I develop
using sed/awk/perl/grep (whatever), but it would be nicer if it were done by
syslog/programs writing to syslog.

        Also, is anyone familiar with any other logging utilities? I would be grateful
for some help/advice or some pointers to where to find this information.

Thanks for your help.

Adam
