Problems with logadm / syslog in Sol 9/10

Hello folks,

I've been making some changes to logadm.conf, but I'm not getting quite the results that I'm expecting:

/var/log/pool/poold -a 'pkill -HUP poold; true' -N -s 512k
/var/svc/log/*.log -C 8 -N -s 1m
/var/adm/messages -a 'pkill -HUP `cat /var/run/syslog.pid`' -C 8 -s 10m
/var/adm/pacct -a 'usr/lib/acct/accton pacct' -C 0 -g adm -m 664 -N -o adm -p never
/var/cron/log -c -s 512k -t /var/cron/olog
/var/fm/fmd/errlog -M '/usr/sbin/fmadm -q rotate errlog && mv /var/fm/fmd/errlog.0- $nfile' -N -s 2m
/var/fm/fmd/fltlog -A 6m '/usr/sbin/fmadm -q rotate fltlog && mv /var/fm/fmd/fltlog.0- $nfile' -N -s 10m
/var/log/syslog -a 'kill -HUP `cat /var/run/syslog.pid`' -C 8 -s 10m
/var/lp/logs/lpsched -C 8 -N -t '$file $N'
/var/adm/spellhist -N -s 512k -t /var/adm/spellhist.old
/var/adm/sulog -C 8 -N -s 512k
/var/adm/vold.log -N -s 256k -t /var/adm/vold.log.old
/var/adm/wtmpx -N -p never -s 5m -t /var/adm/wtmpx.old
/var/saf/_log -C 8 -N -s 256k
/var/saf/zsmon/log -C 8 -N -s 256k
/var/log/authlog -a 'kill -HUP `cat /var/run/syslog.pid`' -C 8 -N -s 256k
/var/log/kernlog -a 'kill -HUP `cat /var/run/syslog.pid`' -C 8 -N -s 512k
/var/log/userlog -a 'kill -HUP `cat /var/run/syslog.pid`' -C 8 -N -s 512k
/var/log/daemonlog -a 'kill -HUP `cat /var/run/syslog.pid`' -C 8 -N -s 512k
/var/adm/loginlog -a 'kill -HUP `cat /var/run/syslog.pid`' -C 8 -N -s 512k
/var/log/maillog -a 'kill -HUP `cat /var/run/syslog.pid`' -C 0 -N -s 512m

But the logs aren't rotating based on size as expected (of specific concern are maillog, messages, authlog and wtmpx).

Yes, I do restart the daemon after each modification

I'm sure that I'm missing something simple, but I'm just not seeing it...

What do you want to achieve?

I'm hoping to see my logs rotate based on exceeding the size limitation. Failing this, I'll need to switch to date-based rotation.

Have you actually made use of the syslog.conf file?
#ident "@(#)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages

*.alert;kern.err;daemon.err operator
*.alert root

*.emerg *

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)

mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)

#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err /dev/sysmsg
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *
)

syslog.conf:

#ident  "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words.  Also, within ifdef's, arguments
# containing commas must be quoted.
################################################################################

### Alerts to users:
*.emerg                                 *
*.alert;kern.notice                     root, operator
################################################################################

### Alerts to file only
auth.err                                /var/log/authlog
mail.info                               /var/log/maillog
*.notice                                /var/adm/messages
### ORACLE database servers (Fujitsu hardware):
*.debug;user.info;mark,syslog.debug     /opt/SMAW/SMAWlog3/syslogd_pipe
################################################################################

### Alerts to file and loghost
*.err;auth.notice;kern.debug            ifdef(`LOGHOST', /var/adm/messages, @loghost)
kern.info                               ifdef(`LOGHOST', /var/log/kernlog, @loghost)
user.info                               ifdef(`LOGHOST', /var/log/userlog, @loghost)
daemon.info                             ifdef(`LOGHOST', /var/log/daemonlog, @loghost)
auth.info                               ifdef(`LOGHOST', /var/log/authlog, @loghost)
cron.info                               ifdef(`LOGHOST', /var/log/cronlog, @loghost)
################################################################################

Some applications are writing to files directly...

Run "logadm -vn" to get verbose output without changing any log files. That might help troubleshoot this.

Here are the results of logadm -vn:

bash-3.00# logadm -vn
# loading /etc/logadm.conf
# processing logname: /var/log/pool/poold
#     using default expire rule: -C10
#     using default template: $file.$n
# processing logname: /var/svc/log/*.log
#     using default template: $file.$n
# processing logname: /var/adm/messages
#     using default template: $file.$n
# processing logname: /var/adm/pacct
#     using default template: $file.$n
# processing logname: /var/cron/log
#     using default expire rule: -C10
# processing logname: /var/fm/fmd/errlog
#     using default expire rule: -C10
#     using default template: $file.$n
# processing logname: /var/fm/fmd/fltlog
#     using default template: $file.$n
# processing logname: /var/log/syslog
#     using default template: $file.$n
# processing logname: /var/lp/logs/lpsched
#     using default rotate rules: -s1b -p1w
# processing logname: /var/adm/spellhist
#     using default expire rule: -C10
# processing logname: /var/adm/sulog
#     using default template: $file.$n
# processing logname: /var/adm/vold.log
#     using default expire rule: -C10
# processing logname: /var/adm/wtmpx
#     using default expire rule: -C10
# processing logname: /var/saf/_log
#     using default template: $file.$n
# processing logname: /var/saf/zsmon/log
#     using default template: $file.$n
# processing logname: /var/log/authlog
#     using default template: $file.$n
# processing logname: /var/log/kernlog
#     using default template: $file.$n
# processing logname: /var/log/userlog
#     using default template: $file.$n
# processing logname: /var/log/daemonlog
#     using default template: $file.$n
# processing logname: /var/adm/loginlog
#     using default template: $file.$n
# processing logname: /var/log/maillog
#     using default template: $file.$n
# /etc/logadm.conf unchanged

OK, give me the output of `ls -l /var/adm /var/log`

root@hostname# ls -l /var/adm /var/log
/var/adm:
total 420766
drwxrwxr-x   5 adm      adm          512 May  2  2006 acct
-rw-------   1 uucp     bin            0 Nov 24  2005 aculog
-rw-r--r--   1 root     root         662 Oct 30 02:00 dtmp
drwxr-xr-x   2 adm      adm          512 Nov 24  2005 exacct
-r--r--r--   1 root     other      57372 Nov  4 09:18 lastlog
drwxr-xr-x   2 adm      adm          512 Nov 24  2005 log
-rw-------   1 root     sys            0 Feb 28  2006 loginlog
-rw-r--r--   1 root     other          0 Feb 28  2006 loginlog.JASS.20060228160132
-rw-r--r--   1 root     root     5396617 Nov  4 09:18 messages
-rw-r--r--   1 root     root      864400 Jul 25 10:53 messages.0
-rw-r--r--   1 root     root     1125175 Jul 20 03:10 messages.1
-rw-r--r--   1 root     root     1136534 Jul 13 03:10 messages.2
-rw-r--r--   1 root     root     1123550 Jul  6 03:10 messages.3
-rw-r--r--   1 adm      adm      80212480 Jun 26  2006 pacct
-rw-r--r--   1 adm      adm      27484560 May 18  2006 pacct.0
-rw-r--r--   1 adm      adm      5973640 May  8  2006 pacct.1
-rw-r--r--   1 adm      adm         2480 Feb 28  2006 pacct.10
-rw-r--r--   1 adm      adm         2520 Feb 28  2006 pacct.11
-rw-r--r--   1 adm      adm       153960 Feb 28  2006 pacct.12
-rw-r--r--   1 adm      adm      3326320 May  5  2006 pacct.2
-rw-r--r--   1 adm      adm      1328440 May  4  2006 pacct.3
-rw-r--r--   1 adm      adm       709680 May  3  2006 pacct.4
-rw-r--r--   1 adm      adm         5480 May  2  2006 pacct.5
-rw-r--r--   1 adm      adm         2880 May  2  2006 pacct.6
-rw-r--r--   1 adm      adm        33680 Mar  3  2006 pacct.7
-rw-r--r--   1 adm      adm         4120 Feb 28  2006 pacct.8
-rw-r--r--   1 adm      adm         6760 Feb 28  2006 pacct.9
drwxr-xr-x   2 adm      adm          512 Nov 24  2005 passwd
drwxrwxr-x   2 adm      sys          512 Nov 24  2005 sa
drwxr-xr-x   2 root     sys          512 Nov 24  2005 sm.bin
-rw-rw-rw-   1 root     bin            0 Nov 24  2005 spellhist
drwxr-xr-x   2 root     sys          512 Nov 24  2005 streams
-rw-------   1 root     root       13926 Oct 27 13:01 sulog
-rw-r--r--   1 root     bin         3720 Nov  4 09:18 utmpx
-rw-r--r--   1 root     root           0 Nov 24  2005 vold.log
-rw-r--r--   1 adm      adm      86189796 Nov  4 09:18 wtmpx

/var/log:
total 528
-rw-------   1 root     sys         1553 Oct 22 21:32 authlog
-rw-r--r--   1 root     sys            0 Aug 26 09:03 cronlog
-rw-r--r--   1 root     sys            0 Aug 26 09:03 daemonlog
-rw-r--r--   1 root     root           7 Nov  4 08:32 driftfile
-rw-r--r--   1 root     sys            0 Aug 26 09:03 kernlog
-rw-r--r--   1 root     sys       114783 Nov  4 03:10 maillog
-rw-------   1 root     root       86521 Sep 23 14:10 rkhunter.log
drwxr-xr-x   2 root     root        2048 Nov  4 09:13 samba
-rw-------   1 root     root       40218 Oct 27 13:01 sudo.log
-rw-r--r--   1 root     other        457 Feb 27  2006 sysidconfig.log
-rw-r--r--   1 root     sys            0 Nov 24  2005 syslog
-rw-r--r--   1 root     root        5009 Feb 21  2008 ufsdump.log
-rw-r--r--   1 root     sys            0 Aug 26 09:03 userlog

The rotations that exist were prior to my modifications to /etc/syslog.conf and /etc/logadm.conf

I have done some additional investigation and discovered that the maillog rotation is occurring. Also, I did discover a spelling error in logadm.conf:

/var/adm/messages -a 'pkill -HUP `cat /var/run/syslog.pid`' -C 8 -s 10m

I've changed this to the following, and now it's rotating just fine:

/var/adm/messages -C 8 -P 'Mon Nov  3 20:27:38 2008' -a 'kill -HUP `cat /var/run/syslog.pid`;
echo `date` >> /var/adm/messages' -s 1m

(forced the break after the semicolon to improve display here)

Based on your original post the rest have not rotated because they have not yet hit the size requirement set in logadm.conf.

Thanks for helping see through this seg - another set of eyes always helps!
Cheers,

  • Avron
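
A small lint for the two findings in this thread (a PID handed to `pkill` in the `-a` command, and logs still below their `-s` threshold), as an added example that is not part of the original posts. The function names are hypothetical; the entries and byte counts are taken from the logadm.conf and `ls -l` output posted above, with the corrected entry shortened.

```shell
#!/bin/sh
# Convert a logadm size such as 512k, 10m, 1g or 1b to bytes.
size_to_bytes() {
    num=${1%[bkmg]}
    case $1 in
        *k) echo $((num * 1024)) ;;
        *m) echo $((num * 1024 * 1024)) ;;
        *g) echo $((num * 1024 * 1024 * 1024)) ;;
        *)  echo "$num" ;;
    esac
}

# Print the -s argument of one entry (empty if the entry has none).
entry_size_opt() {
    printf '%s\n' "$1" | sed -n 's/.* -s \([0-9][0-9]*[bkmg]\{0,1\}\).*/\1/p'
}

# Succeed if the entry passes the contents of a pid file to pkill.
# pkill matches on process name, so syslogd would not receive the HUP.
pkill_given_pid() {
    printf '%s\n' "$1" | grep -q 'pkill[^;]*`cat [^`]*pid`'
}

# Report one entry: $1 = logadm.conf line, $2 = current log size in bytes.
lint_entry() {
    log=${1%% *}
    opt=$(entry_size_opt "$1")
    if pkill_given_pid "$1"; then
        echo "$log: WARN pkill is given a PID; use kill -HUP instead"
    fi
    [ -n "$opt" ] || return 0
    limit=$(size_to_bytes "$opt")
    if [ "$2" -ge "$limit" ]; then
        echo "$log: size $2 >= $limit (-s $opt), rotation due"
    else
        echo "$log: size $2 < $limit (-s $opt), below threshold"
    fi
}

# Original messages entry, shortened corrected entry, and authlog from the thread.
demo() {
    lint_entry "/var/adm/messages -a 'pkill -HUP \`cat /var/run/syslog.pid\`' -C 8 -s 10m" 5396617
    lint_entry "/var/adm/messages -C 8 -a 'kill -HUP \`cat /var/run/syslog.pid\`' -s 1m" 5396617
    lint_entry "/var/log/authlog -a 'kill -HUP \`cat /var/run/syslog.pid\`' -C 8 -N -s 256k" 1553
}
demo
```

On a live host, the second argument can come from `wc -c < logfile`; compare the result with what `logadm -vn` reports before changing any entry.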