Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

AIX syslog rotation

Posted on 2001-07-10
11
Medium Priority
?
2,439 Views
Last Modified: 2013-12-23
How do you setup a syslog rotation?

Thanks!
0
Comment
Question by:PAdajar2
  • 5
  • 5
11 Comments
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 400 total points
ID: 6270489
The most common way to do this is with a boot-time script that copies syslog.log to syslog.log.bak or something like that.  This is what most vendor supplied scripts do.
    cp /var/adm/syslog/syslog.log /var/adm/syslog.log.bak

Better is a script that copies logs out of a cron job to something with  a date extension (make sure you HUP syslogd to make it drop open files before you do the copy)
and then deletes logs over so many days old.
    kill -HUP "$(cat /etc/syslog.pid)"
    cp /var/adm/syslog/syslog.log /var/adm/syslog.log.bak

Best is to parse syslog.conf to get the list of files to roll and then handle each one as above.
    pid="$(cat /etc/syslog.pid)"
    date="$(date +%Y%m%d%M%H%S)"
    grep -v '[  ]*#' /etc/syslog.conf |
    while read spec filename
    do  if [ -f "$filename" ]
          then    kill -HUP "$pid"
                    cp "$filename" "$filename.$date"
         fi
    done
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6271067
> cat /etc/syslog.pid
this is not a reliable pid for the syslog process.
Use somthing like
   ps -ef | grep \syslogd |awk 'print $1'
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6271097
/etc/syslog.pid should be reliable on AIX.  The actual logic I use in my script for this looks like this, however:
#
# This sends a HUP to syslog so it will close it's file descriptors
# and help us assure we're getting all the data.
#
function restart_syslogd {
    for syslog_pidfile in \
      /var/run/syslog.pid \
      /etc/inet/syslog.pid \
      /etc/syslog/syslog.pid \
      /etc/syslog.pid \
      /dev/null
    do  if [ -r "$syslog_pidfile" ]
        then    debug "$0: setting syslog_pidfile to '$syslog_pidfile'"
                break
        fi
    done
    cat "$syslog_pidfile" | read pid
    if [ -z "$pid" ]
    then    debug "$0: getting syslog pid from ps"
            ps -ef | grep /syslogd | grep -v grep | read user pid junk
    fi
    if [ -n "$pid" ]
    then    verbose "restarting syslogd"
            debug "syslog PID is '$pid'"
            if kill -HUP "$pid"
            then    :
            else    warn "$0: can't HUP syslog process '$pid'"
            fi
    else    warn "$0: don't know the syslog process id"
    fi
}
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:PAdajar2
ID: 6277078
Im a rookie guys so you have to bear with me.
Where exactly do these scripts go?

Thanks
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6277092
Doesn't matter where you place them in the filesystem.  The important thing is to call them out of cron on whatever schedule you want.  See the man pages for cron and crontab.
0
 

Author Comment

by:PAdajar2
ID: 6277308
k, now how do i customizze this for my system?
0
 

Author Comment

by:PAdajar2
ID: 6295687
how do you make the script delete log files that are x days old?

Thanks again
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6295787
Hey, that's a whole other question ;-)

Anyway, see the man page for find.
0
 

Author Comment

by:PAdajar2
ID: 6295847
thanks! any chance i can also squeeze out of you how you delete the previous contents of the log file as opposed to just appending to the same file?

Thanks
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6295866
> filename
will clobber the previous contents.
0
 

Author Comment

by:PAdajar2
ID: 6295980
thanks!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question