Q: /var/log/messages intercept?


Post by manim » Thu, 25 Jul 2002 19:30:41



Hello

I have a question.

I want to intercept only new messages that are added to /var/log/messages
file, especially kernel messages.
I want to write these down to new file.

I have no idea how to implement that.

Please advise me about this.

thank you

 
 
 


Post by Måns Rullgå » Thu, 25 Jul 2002 19:37:03



> Hello

> I have a question.

> I want to intercept only new messages that are added to /var/log/messages
> file, especially kernel messages.
> I want to write these down to new file.

That is what klogd is doing. With the right flags it will do what you
want.

--
Måns Rullgård


 
 
 


Post by Eric Worral » Thu, 25 Jul 2002 20:14:56


You might find tail or grep useful. For example the following would
write all messages which include the word procname to mymessages.txt:

grep "procname" /var/log/messages > mymessages.txt

You could use the tail command to extract the last num lines written to
/var/log/messages:

tail -n num /var/log/messages > mymessages.txt

You could combine tail and grep:

grep "procname" /var/log/messages | tail -n num > mymessages.txt

You could alter the contents of /etc/syslogd.conf to write messages of
the required type to a file.

*.*                             -/root/mymessages.txt

and restart syslog
/etc/rc.d/init.d/syslog restart

(Be careful of using *.*, with the above setting mymessages.txt would
contain *everything*, including information which could compromise
security if a hacker got hold of it).

Note the minus sign (-/root...) is optional, it improves performance by
allowing file buffering. This carries the risk of losing some data if
the system crashes.

Eric Worrall



> > Hello

> > I have a question.

> > I want to intercept only new messages that are added to /var/log/messages
> > file, especially kernel messages.
> > I want to write these down to new file.

> That is what klogd is doing. With the right flags it will do what you
> want.

> --
> Måns Rullgård


 
 
 


Post by Eric Worral » Thu, 25 Jul 2002 20:16:33


Sorry, I meant /etc/syslog.conf in the message :-).

Eric Worrall



 
 
 


Post by Jean-Marc Lienhe » Fri, 26 Jul 2002 03:26:49


Eric Worrall wrote:

> > You could use the tail command to extract the last num lines written to
> > /var/log/messages:

> > tail -n num /var/log/messages > mymessages.txt

Maybe the "-f" option of tail can be useful too?
I like it very much.

        Jean-Marc

--

http://www.oksid.ch

 
 
 


Post by Joshua Jone » Fri, 26 Jul 2002 09:00:28



>> > tail -n num /var/log/messages > mymessages.txt
> Maybe the "-f" option of tail can be useful too?
> I like it very much.

Not with what he's doing.

--
 Joshua Jones
 josh(at)homemail.com  |  jonesjos(at)us.ibm.com

 
 
 


Post by Oliver Schulze » Sat, 27 Jul 2002 05:49:54


If you rotate your /var/log/messages file and want to use tail,
use this command:
tail -f --follow=name /var/log/messages

HTH


> Eric Worrall wrote:
> > > You could use the tail command to extract the last num lines written to
> > > /var/log/messages:

> > > tail -n num /var/log/messages > mymessages.txt

> Maybe the "-f" option of tail can be useful too?
> I like it very much.

>    Jean-Marc
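
The pieces of this thread put together, as an added example that is not from any of the posters: follow only new lines of /var/log/messages across rotation, keep only the kernel-tagged ones, and append them to a file that is not world-readable. The function names, the sample lines and the output path are assumptions made for illustration; `-F` is tail's follow-by-name-with-retry form of the `--follow=name` option mentioned above.

```shell
#!/bin/sh
# Added example: copy only NEW kernel lines from a syslog file to a private file.

# Constructed sample in the traditional syslog layout
# "Mon DD HH:MM:SS host tag: text" (not taken from a real system).
SAMPLE='Jul 25 19:30:01 host1 kernel: eth0: link up
Jul 25 19:30:02 host1 sshd[412]: kernel module check skipped
Jul  5 03:12:44 host1 kernel: Out of memory: Killed process 977
Jul 25 19:30:05 host1 crond[88]: (root) CMD (run-parts /etc/cron.hourly)'

# Keep lines whose tag (5th field) is exactly "kernel:". Matching the field
# instead of grepping for the word avoids the sshd line above, which only
# mentions "kernel" in its text. fflush() pushes each line out immediately
# so nothing sits in a pipe buffer while following a live log.
filter_kernel() {
    awk '$5 == "kernel:" { print; fflush() }'
}

# Follow SRC from its current end (-n 0: skip what is already there) and
# append kernel lines to DST. -F keeps following the *name*, so the stream
# survives log rotation. umask 077 makes a newly created DST owner-only.
# Both default paths are assumptions; DST is a hypothetical location.
capture_kernel() {
    src=${1:-/var/log/messages}
    dst=${2:-/root/kernel-messages.txt}
    (
        umask 077
        tail -n 0 -F "$src" 2>/dev/null | filter_kernel >> "$dst"
    )
}

# Runs until interrupted; only starts when asked, e.g.: sh capture.sh --run
if [ "${1:-}" = "--run" ]; then
    capture_kernel "${2:-}" "${3:-}"
fi
```

If DST already exists, the umask does not change its mode; check its permissions once before the first run.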

 
 
 
