Solved

AIX syslog rotation

Posted on 2001-07-10
11
2,424 Views
Last Modified: 2013-12-23
How do you setup a syslog rotation?

Thanks!
0
Comment
Question by:PAdajar2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
11 Comments
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 100 total points
ID: 6270489
The most common way to do this is with a boot-time script that copies syslog.log to syslog.log.bak or something like that.  This is what most vendor supplied scripts do.
    cp /var/adm/syslog/syslog.log /var/adm/syslog.log.bak

Better is a script that copies logs out of a cron job to something with  a date extension (make sure you HUP syslogd to make it drop open files before you do the copy)
and then deletes logs over so many days old.
    kill -HUP "$(cat /etc/syslog.pid)"
    cp /var/adm/syslog/syslog.log /var/adm/syslog.log.bak

Best is to parse syslog.conf to get the list of files to roll and then handle each one as above.
    pid="$(cat /etc/syslog.pid)"
    date="$(date +%Y%m%d%M%H%S)"
    grep -v '[  ]*#' /etc/syslog.conf |
    while read spec filename
    do  if [ -f "$filename" ]
          then    kill -HUP "$pid"
                    cp "$filename" "$filename.$date"
         fi
    done
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6271067
> cat /etc/syslog.pid
this is not a reliable pid for the syslog process.
Use somthing like
   ps -ef | grep \syslogd |awk 'print $1'
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6271097
/etc/syslog.pid should be reliable on AIX.  The actual logic I use in my script for this looks like this, however:
#
# This sends a HUP to syslog so it will close it's file descriptors
# and help us assure we're getting all the data.
#
function restart_syslogd {
    for syslog_pidfile in \
      /var/run/syslog.pid \
      /etc/inet/syslog.pid \
      /etc/syslog/syslog.pid \
      /etc/syslog.pid \
      /dev/null
    do  if [ -r "$syslog_pidfile" ]
        then    debug "$0: setting syslog_pidfile to '$syslog_pidfile'"
                break
        fi
    done
    cat "$syslog_pidfile" | read pid
    if [ -z "$pid" ]
    then    debug "$0: getting syslog pid from ps"
            ps -ef | grep /syslogd | grep -v grep | read user pid junk
    fi
    if [ -n "$pid" ]
    then    verbose "restarting syslogd"
            debug "syslog PID is '$pid'"
            if kill -HUP "$pid"
            then    :
            else    warn "$0: can't HUP syslog process '$pid'"
            fi
    else    warn "$0: don't know the syslog process id"
    fi
}
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 

Author Comment

by:PAdajar2
ID: 6277078
Im a rookie guys so you have to bear with me.
Where exactly do these scripts go?

Thanks
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6277092
Doesn't matter where you place them in the filesystem.  The important thing is to call them out of cron on whatever schedule you want.  See the man pages for cron and crontab.
0
 

Author Comment

by:PAdajar2
ID: 6277308
k, now how do i customizze this for my system?
0
 

Author Comment

by:PAdajar2
ID: 6295687
how do you make the script delete log files that are x days old?

Thanks again
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6295787
Hey, that's a whole other question ;-)

Anyway, see the man page for find.
0
 

Author Comment

by:PAdajar2
ID: 6295847
thanks! any chance i can also squeeze out of you how you delete the previous contents of the log file as opposed to just appending to the same file?

Thanks
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6295866
> filename
will clobber the previous contents.
0
 

Author Comment

by:PAdajar2
ID: 6295980
thanks!
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question