Script Question: killing syslogd

Script Question: killing syslogd

Post by Peet Groble » Tue, 11 Apr 2000 04:00:00



I've got a script that moves /var/log/secure to another file. I (guess) then
I need to kill syslogd, and re-start it.

1) Is that really necessary? I've noticed that once I've moved the file
(using "mv"), even if I touch the file (to re-create an empty one), it still
doesn't write to the file. Is there any other way to get syslogd to start
logging?

2) How do I do that? What would the line that kills the process look like?
I've noticed the file /var/???/syslodg.pid (can't remember the name offhand)
contains the pid, e.g. "3315" in the file. How do you do this?

3) Last question (interesting one) : Let's say /var/log/secure is about 2MB.
I'm doing the command (via script) "mv /var/log/secure /var/log/secure.old".
Now, someone logs on incorrectly. Will this be logged to this file? Or will
I lose that record ?

Thanks,
Peet.

 
 
 

Script Question: killing syslogd

Post by Thomas Homme » Tue, 11 Apr 2000 04:00:00


Hi
If you move a logfile to another position and dont restart syslogd, it
will still have the old file pointer open and log to a file that doesnt
exist anymore. So your disk space will go down, but you cannot access
the newly written logs. So restarting syslogd is a must.

Peet Grobler schrieb:

Quote:

> I've got a script that moves /var/log/secure to another file. I (guess) then
> I need to kill syslogd, and re-start it.

Right!

Quote:

> 1) Is that really necessary? I've noticed that once I've moved the file
> (using "mv"), even if I touch the file (to re-create an empty one), it still
> doesn't write to the file. Is there any other way to get syslogd to start
> logging?

> 2) How do I do that? What would the line that kills the process look like?
> I've noticed the file /var/???/syslodg.pid (can't remember the name offhand)
> contains the pid, e.g. "3315" in the file. How do you do this?

Try "kill -1 `cat /var/(?lock?)/syslogd.pid`", this should work (Be sure
to use the right quotes).

Quote:

> 3) Last question (interesting one) : Let's say /var/log/secure is about 2MB.
> I'm doing the command (via script) "mv /var/log/secure /var/log/secure.old".
> Now, someone logs on incorrectly. Will this be logged to this file? Or will
> I lose that record ?

As I told you above, this will be logged somewhere to nirvana.

Quote:

> Thanks,
> Peet.

--
-------------------------
Thomas Hommel
Beam Enterprise GmbH
-------------------------
Remove NO SPAM from my address to reply to me.

 
 
 

Script Question: killing syslogd

Post by Peet Groble » Tue, 11 Apr 2000 04:00:00


How would I avoid records being written to "nirvana" while moving the file?
Is there some other way of doing this without losing any information?


>Hi
>If you move a logfile to another position and dont restart syslogd, it
>will still have the old file pointer open and log to a file that doesnt
>exist anymore. So your disk space will go down, but you cannot access
>the newly written logs. So restarting syslogd is a must.

>Peet Grobler schrieb:

>> I've got a script that moves /var/log/secure to another file. I (guess)
then
>> I need to kill syslogd, and re-start it.

>Right!

>> 1) Is that really necessary? I've noticed that once I've moved the file
>> (using "mv"), even if I touch the file (to re-create an empty one), it
still
>> doesn't write to the file. Is there any other way to get syslogd to start
>> logging?

>> 2) How do I do that? What would the line that kills the process look
like?
>> I've noticed the file /var/???/syslodg.pid (can't remember the name
offhand)
>> contains the pid, e.g. "3315" in the file. How do you do this?

>Try "kill -1 `cat /var/(?lock?)/syslogd.pid`", this should work (Be sure
>to use the right quotes).

>> 3) Last question (interesting one) : Let's say /var/log/secure is about
2MB.
>> I'm doing the command (via script) "mv /var/log/secure

/var/log/secure.old".

- Show quoted text -

Quote:>> Now, someone logs on incorrectly. Will this be logged to this file? Or
will
>> I lose that record ?

>As I told you above, this will be logged somewhere to nirvana.

>> Thanks,
>> Peet.

>--
>-------------------------
>Thomas Hommel
>Beam Enterprise GmbH
>-------------------------
>Remove NO SPAM from my address to reply to me.

 
 
 

Script Question: killing syslogd

Post by Peter T. Breue » Tue, 11 Apr 2000 04:00:00


: I've got a script that moves /var/log/secure to another file. I (guess) then
: I need to kill syslogd, and re-start it.

: 1) Is that really necessary? I've noticed that once I've moved the file

Yes. killall -1 syslogd.

: (using "mv"), even if I touch the file (to re-create an empty one), it still
: doesn't write to the file. Is there any other way to get syslogd to start
: logging?

It IS logging. To the old file. Have a look!

: 2) How do I do that? What would the line that kills the process look like?

As above.

: 3) Last question (interesting one) : Let's say /var/log/secure is about 2MB.
: I'm doing the command (via script) "mv /var/log/secure /var/log/secure.old".
: Now, someone logs on incorrectly. Will this be logged to this file? Or will

See above.

Peter

 
 
 

Script Question: killing syslogd

Post by Peter T. Breue » Tue, 11 Apr 2000 04:00:00


: If you move a logfile to another position and don't restart syslogd, it
: will still have the old file pointer open and log to a file that doesn't
: exist anymore. So your disk space will go down, but you cannot access

The file (i.e. the inode) both exists and is accessible from the directory
structure. He said "mv", not "rm".

Peter

 
 
 

Script Question: killing syslogd

Post by Peter T. Breue » Tue, 11 Apr 2000 04:00:00


: How would I avoid records being written to "nirvana" while moving the file?

They don't get written to nirvana. THomas has made a mistake. They
get written to the old/new file (which is always the same inode on
disk). There is no hiatus.

: Is there some other way of doing this without losing any information?

Nearly any way you do it loses no information.

Peter

 
 
 

1. killing a shell script is not killing child processes

dispatcher (NOHUP mode)->daemon->shell script (parent
PID)->executables(child PIDs)

When we try to kill shell script (parent PID) with kill-9 command, I
am expecting that all executables (child PIDs) that are running from
shell script should also be killed.

Shell script process is getting killed but not the child processes.

I tried read all the messages patiently but it added up more
confusions.

I found a way to kill all child processes before killing parent shell
script but trying to find a answer for this behaviour.

Any expert responses are welcome.

Cheers,
Srinivas

2. LILO trouble

3. Terminating process/script with kill -9 or kill -15

4. So where are the MS supporters.

5. where is it explained that "kill 0" will kill the current script?

6. Swapon and CDE login problems on 4.3.3

7. killing a shell script is not killing child processes

8. Tecra 700CT laptop: video drivers problem

9. rc?.d kill scripts question

10. syslogd doesn't work unless I kill it!

11. Problem INET: syslogd kill: (32) - No such pid.

12. how to kill a program in a script that started from that script

13. Solaris 8 kills syslogd ?