Solved

AIX syslog rotation

Posted on 2001-07-10
11
2,395 Views
Last Modified: 2013-12-23
How do you setup a syslog rotation?

Thanks!
0
Comment
Question by:PAdajar2
  • 5
  • 5
11 Comments
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 100 total points
Comment Utility
The most common way to do this is with a boot-time script that copies syslog.log to syslog.log.bak or something like that.  This is what most vendor supplied scripts do.
    cp /var/adm/syslog/syslog.log /var/adm/syslog.log.bak

Better is a script that copies logs out of a cron job to something with  a date extension (make sure you HUP syslogd to make it drop open files before you do the copy)
and then deletes logs over so many days old.
    kill -HUP "$(cat /etc/syslog.pid)"
    cp /var/adm/syslog/syslog.log /var/adm/syslog.log.bak

Best is to parse syslog.conf to get the list of files to roll and then handle each one as above.
    pid="$(cat /etc/syslog.pid)"
    date="$(date +%Y%m%d%M%H%S)"
    grep -v '[  ]*#' /etc/syslog.conf |
    while read spec filename
    do  if [ -f "$filename" ]
          then    kill -HUP "$pid"
                    cp "$filename" "$filename.$date"
         fi
    done
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
> cat /etc/syslog.pid
this is not a reliable pid for the syslog process.
Use somthing like
   ps -ef | grep \syslogd |awk 'print $1'
0
 
LVL 14

Expert Comment

by:chris_calabrese
Comment Utility
/etc/syslog.pid should be reliable on AIX.  The actual logic I use in my script for this looks like this, however:
#
# This sends a HUP to syslog so it will close it's file descriptors
# and help us assure we're getting all the data.
#
function restart_syslogd {
    for syslog_pidfile in \
      /var/run/syslog.pid \
      /etc/inet/syslog.pid \
      /etc/syslog/syslog.pid \
      /etc/syslog.pid \
      /dev/null
    do  if [ -r "$syslog_pidfile" ]
        then    debug "$0: setting syslog_pidfile to '$syslog_pidfile'"
                break
        fi
    done
    cat "$syslog_pidfile" | read pid
    if [ -z "$pid" ]
    then    debug "$0: getting syslog pid from ps"
            ps -ef | grep /syslogd | grep -v grep | read user pid junk
    fi
    if [ -n "$pid" ]
    then    verbose "restarting syslogd"
            debug "syslog PID is '$pid'"
            if kill -HUP "$pid"
            then    :
            else    warn "$0: can't HUP syslog process '$pid'"
            fi
    else    warn "$0: don't know the syslog process id"
    fi
}
0
 

Author Comment

by:PAdajar2
Comment Utility
Im a rookie guys so you have to bear with me.
Where exactly do these scripts go?

Thanks
0
 
LVL 14

Expert Comment

by:chris_calabrese
Comment Utility
Doesn't matter where you place them in the filesystem.  The important thing is to call them out of cron on whatever schedule you want.  See the man pages for cron and crontab.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:PAdajar2
Comment Utility
k, now how do i customizze this for my system?
0
 

Author Comment

by:PAdajar2
Comment Utility
how do you make the script delete log files that are x days old?

Thanks again
0
 
LVL 14

Expert Comment

by:chris_calabrese
Comment Utility
Hey, that's a whole other question ;-)

Anyway, see the man page for find.
0
 

Author Comment

by:PAdajar2
Comment Utility
thanks! any chance i can also squeeze out of you how you delete the previous contents of the log file as opposed to just appending to the same file?

Thanks
0
 
LVL 14

Expert Comment

by:chris_calabrese
Comment Utility
> filename
will clobber the previous contents.
0
 

Author Comment

by:PAdajar2
Comment Utility
thanks!
0

Featured Post

NetScaler Deployment Guides and Resources

Citrix NetScaler is certified to support many of the most commonly deployed enterprise applications. Deployment guides provide in-depth recommendations on configuring NetScaler to meet specific application requirements.

Join & Write a Comment

I was recently sitting at a desk at work with one of my colleagues and needed some information on my home computer. He watched as I turned on my home computer, established a remote session into it, got the information I needed and then shut it down …
What’s a web proxy server? A proxy server is a server that goes between clients and web servers, used in corporate to enforce corporate browsing policy and ensure security. Proxy servers are commonly used in three modes. A)    Forward proxy …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now