  • Status: Solved

Change default error output

I just started an SSH session (PuTTY) into one of my remote Solaris boxes. The screen is filled with scrolling errors. I believe / is full, but I can't really do anything because of the errors that keep scrolling along the screen. Is there a way that I can stop the errors from being displayed on my session so that I can investigate the problem? Can I change the output location for the errors somehow temporarily? This is a Solaris 10 box.
0
IT_Telephonics
Asked:
 
regmigrant Commented:
If this works the same way as other Unix installs, you can redirect standard error output with "2>", but it's shell-dependent

so

putty 2>myerr.log  

under the Bourne shell, for example
0
 
omarfarid Commented:
Are you logged in as root? What are the messages showing?
0
 
IT_Telephonics Author Commented:
Yes, logging in as root. Here are some of the messages:

Oct 19 09:25:05 <server name> sendmail[28888]: [ID 801593 mail.alert] p9JDP5Rt028888: low on space (SMTP-DAEMON needs 0 bytes + 100 blocks in /var/spool/mqueue), max avail: 0
Oct 19 09:25:05 <server name> last message repeated 1 time
Oct 19 09:25:05 <server name> root: [ID 702911 daemon.alert] The audit_warn mail alias is not defined
Oct 19 09:25:05 <server name> root: [ID 702911 daemon.alert] The audit daemon has experienced the following problem with loading or executing plugins: /usr/lib/security/audit_binfile.so.1: retry all partitions full This message has been displayed 321867 times.
Oct 19 09:25:06 <server name> sendmail[28895]: [ID 801593 mail.alert] p9JDP6fP028895: low on space (SMTP-DAEMON needs 0 bytes + 100 blocks in /var/spool/mqueue), max avail: 0
Oct 19 09:25:06 <server name> last message repeated 1 time
Oct 19 09:25:06 <server name> root: [ID 702911 daemon.alert] The audit_warn mail alias is not defined
Oct 19 09:25:06 <server name> root: [ID 702911 daemon.alert] The audit daemon has experienced the following problem with loading or executing plugins: /usr/lib/security/audit_binfile.so.1: retry all partitions full This message has been displayed 321868 times.


I can't really troubleshoot this because these errors are just blasting the screen. Looking to redirect them temporarily somewhere else until I can see what has filled my root "/" volume.
0
 
omarfarid Commented:
Can you pull the file /etc/syslog.conf from the system (via ftp or sftp) and post it? Since you are logged in, there are certain message types that are sent to logged-in users (or root).

0
 
IT_Telephonics Author Commented:
*.err;kern.notice;auth.notice                  /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit      /var/adm/messages

*.alert;kern.err;daemon.err                  operator
*.alert                                    root

*.emerg                                    *

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
auth.notice                  ifdef(`LOGHOST', /var/log/authlog, @loghost)
audit.notice                  /var/adm/auditlog
mail.debug                  ifdef(`LOGHOST', /var/log/syslog, @loghost)

#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err                              /dev/sysmsg
user.err                              /var/adm/messages
user.alert                              `root, operator'
user.emerg                              *
)
0
 
omarfarid Commented:
As you can see, there are a number of places where the messages will come to root. Please edit the file and comment out the lines as below and put the file back, but this will require restarting the syslog daemon.

#*.alert;kern.err;daemon.err                  operator
#*.alert                                    root
#*.emerg                                    *
#user.alert                              `root, operator'
#user.emerg                              *

After you upload the file to the server (via ftp or sftp), log in and run

pkill -HUP syslogd
0
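The edit described above can be derived mechanically from the action field of each rule. This is an added example, not part of the original thread: the function names `sample_conf` and `mute_user_actions` are hypothetical, and the sample is the posted syslog.conf with its comment lines dropped. It comments out every rule whose action is a user list or `*` and leaves file, remote-host and m4 `ifdef` actions alone.

```shell
# Constructed sample: the syslog.conf rules posted in the thread.
# (A real syslog.conf separates selector and action with tabs.)
sample_conf() {
cat <<'EOF'
*.err;kern.notice;auth.notice                  /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit      /var/adm/messages
*.alert;kern.err;daemon.err                  operator
*.alert                                    root
*.emerg                                    *
auth.notice                  ifdef(`LOGHOST', /var/log/authlog, @loghost)
ifdef(`LOGHOST', ,
user.err                              /dev/sysmsg
user.err                              /var/adm/messages
user.alert                              `root, operator'
user.emerg                              *
)
EOF
}

# Read syslog.conf on stdin, write it back with user-terminal rules commented out.
mute_user_actions() {
    awk -v q="'" '
    # comments, blank lines and the m4 wrapper lines pass through untouched
    /^[ \t]*(#|$)/ || /^ifdef\(/ || /^\)/ { print; next }
    {
        action = $0
        sub(/^[^ \t]+[ \t]+/, "", action)    # drop the selector field
        gsub("[`" q "]", "", action)          # drop m4 quoting around user lists
        if (action ~ /^(\/|@|ifdef\()/)
            print                             # file, remote host or m4 conditional
        else
            print "#" $0                      # user list or "*": writes to terminals
    }'
}

# Show the rewritten file; compare with a saved copy before installing it.
sample_conf | mute_user_actions
```

The rules that write to /var/adm/messages stay active, so the alerts are still recorded while the terminal is quiet.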
 
omarfarid Commented:
Were you able to do the above solution?
0
 
IT_Telephonics Author Commented:
Sorry for the delay. I did exactly what you had said and the error messages stopped.
I saved the original syslog.conf file so that I can put it back after this problem is resolved.

Now for the real problem. I have to find out what filled root "/" !!!
Any suggestions?
0
 
omarfarid Commented:
Look for log files and mail messages under the /var dir.
0
 
IT_Telephonics Author Commented:
I did a du -sdk * | sort -rn command in the /var dir and see that the audit dir is what is causing the problem. I can cd to the /var/audit dir, but nothing else responds (ls, rm) from within that dir.
0
 
omarfarid Commented:
It could be that it contains a large number of files.

Try

find .

If you're sure that you want to delete files there, then you may run

find . -type f -exec rm {} \;

and wait for some time.

You may log in from some other session and see if used space is dropping.
0
 
omarfarid Commented:
Please be careful and run the above commands in the /var/audit dir.
0
 
Joseph Gan System Admin Commented:
You may need to stop/kill the audit daemon before deleting.
0
 
IT_Telephonics Author Commented:
Is it OK to delete the older audit log files in the /var/audit dir? Anything that doesn't say *not_terminated*?
0
 
Joseph Gan System Admin Commented:
Depends on how long you want to keep them. Or you can move them somewhere else if they are important.
0
 
omarfarid Commented:
You may back up the files to tape or some other disk / file system with space, then delete them from the audit dir.
0
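The back-up-then-delete step for closed audit files, as an added example that is not part of the original thread: the function name `archive_closed_audit` and the sample file names are constructed, and the destination is assumed to be on a different file system with free space. It skips any file named `*not_terminated*` (the trail the audit daemon still has open) and removes an original only after the copy compares identical.

```shell
# Usage: archive_closed_audit SRC_DIR DEST_DIR
# Prints the number of closed audit files moved to DEST_DIR.
archive_closed_audit() {
    src=$1 dest=$2
    mkdir -p "$dest" || return 1
    # find streams names one at a time, so it copes with very large directories
    find "$src" -type f ! -name '*not_terminated*' -print |
    {
        moved=0
        while IFS= read -r f; do
            base=${f##*/}
            # copy, verify byte for byte, and only then remove the original
            if cp -p "$f" "$dest/$base" && cmp -s "$f" "$dest/$base"; then
                rm -f "$f" && moved=$((moved + 1))
            else
                echo "kept $f: copy to $dest failed" >&2
            fi
        done
        echo "$moved"
    }
}

# Demo on constructed file names: one closed trail, one still open.
demo=$(mktemp -d)
mkdir "$demo/audit"
for name in 20111001000000.20111002000000.host1 \
            20111019000000.not_terminated.host1; do
    echo sample > "$demo/audit/$name"
done
echo "moved: $(archive_closed_audit "$demo/audit" "$demo/archive")"
ls "$demo/audit"      # only the not_terminated file is left
rm -rf "$demo"
```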
 
IT_Telephonics Author Commented:
Excellent help with a crisis!
0
