- 论坛徽章:
- 0
|
听说有一HPUX机器SYSLOG日志有点儿大,翻了一下MAN
djt_nm# more /etc/sys
sysdef syslog.conf syslog.pid syslogd
djt_nm# more /etc/syslog
syslog.conf syslog.pid syslogd
djt_nm# more /etc/syslog.conf
# @(#)B.11.31_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
看来也没记些什么东西呀!
djt_nm# more /sbin/init
init init.d/ initcond
djt_nm# more /sbin/init.d/s
samba sec_late_init set_date spa swap_start syslog-ng
sasd sec_mgmt set_prvgrp spc swconfig syslogd
savecrash secsh setboot sw_clean_vxvm swm.config
sec_init sendmail sfmdb swagentd syncer
djt_nm# more /sbin/init.d/sy
syncer syslog-ng syslogd
djt_nm# more /sbin/init.d/syslog
syslog-ng syslogd
djt_nm# more /sbin/init.d/syslogd
#!/sbin/sh
# @(#)B.11.31_LR
#
# NOTE: This script is not configurable! Any changes made to this
# scipt will be overwritten when you upgrade to the next
# release of HP-UX.
#
# WARNING: Changing this script in any way may lead to a system that
# is unbootable. Do not modify this script.
#
#
# System message logger
#
PATH=/sbin:/usr/sbin:/usr/bin
export PATH
rval=0
set_return() {
x=$?
if [ $x -ne 0 ]; then
echo "EXIT CODE: $x"
rval=1
fi
}
################################################################################
# Arguments: #
# Name of the Process whose ids should be returned. #
# #
# Description: #
# This routine returns a list of process ids whose name matches the argument #
# to this function. It also ensures that the process id list does not include #
# the process id of the current process. #
# #
# Return Value: #
# "" : if there's no process by this name #
# List of process ids separated by space if process name is found #
# #
################################################################################
# Fix for JAGae61652 (parent CR:JAGae59805)
GetNamedProcIds()
{
ps -e | awk -v mypid=$$ -v pname=$1 \
'$NF==pname { \
if ($1 != mypid) \
print $1 \
}'
}
case $1 in
'start_msg')
echo "Start system message logging daemon"
;;
'stop_msg')
echo "Stop system message logging daemon"
;;
'start')
#
# Set SYSLOGD_OPTS and PREV_OLDSYSLOG_LINES
#
if [ -f /etc/rc.config.d/syslogd ]; then
. /etc/rc.config.d/syslogd
else
echo "ERROR: /etc/rc.config.d/syslogd defaults file MISSING"
fi
if [ -x /usr/sbin/syslogd -a -f /etc/syslog.conf ]; then
if [ -f /var/adm/syslog/syslog.log ]; then
# To fix JAGae17538
MV=/usr/bin/mv;
# If the OLDsyslog.log file exists...
if [ -f /var/adm/syslog/OLDsyslog.log ]
then
# If PREV_OLDSYSLOG_LINES is not set correctly, assume default value 0.
if [ $PREV_OLDSYSLOG_LINES ]
then
if [[ $PREV_OLDSYSLOG_LINES != *([0-9]) ]]
then
echo "\tWARNING: PREV_OLDSYSLOG_LINES parameter in /et
c/rc.config.d/syslogd"
echo "\t is set incorrectly. Default value 0 i
s assumed."
PREV_OLDSYSLOG_LINES=0
fi
djt_nm# more /etc/rc.config.d/syslog
syslog-ng syslogd
看看两配置文件
djt_nm# more /etc/rc.config.d/syslogd
#!/sbin/sh
# @(#)B.11.31_LR
# Syslogd configuration ( See syslog(3C) and syslogd(1M) )
#
# SYSLOGD_OPTS: Options to be used when starting up syslogd.
# Default is "-D", don't have the kernel print directly
# to the system console. Change it to "-D -v" to log
# priority and facility in encoded form at the second field
# of the syslogd log message.
SYSLOGD_OPTS="-D"
# PREV_OLDSYSLOG_LINES: The number of kilo lines that should be carried
# from the previous /var/adm/syslog/OLDsyslog.log
# along with the contents of previous
# /var/adm/syslog/syslog.log to the current
# /var/adm/syslog/OLDsyslog.log. The value should
# strictly be a number. Default is 0 which makes the
# present OLDsyslog.log contain only the previous
# syslog.log contents. Please see the man page for
# syslogd(1m).
PREV_OLDSYSLOG_LINES=0
djt_nm# man syslogd
syslogd(1M) syslogd(1M)
NAME
syslogd - log system messages
SYNOPSIS
/usr/sbin/syslogd [-a] [-d] [-D] [-f configfile] [-m markinterval] [-N]
[-p logfile] [-r] [-s] [-v]
DESCRIPTION
The syslogd command reads and logs messages into a set of files
described by the configuration file /etc/syslog.conf.
Options
syslogd recognizes the following options:
-a Allows all messages except consecutive
duplicate messages without reordering them.
-d Turn on debugging.
-D Prevent the kernel from directly printing its
messages on the system console. In this
case, syslogd is responsible for routing all
kernel messages to their proper destination.
-f configfile Use configfile instead of /etc/syslog.conf.
-m markinterval Wait markinterval minutes between mark
messages, instead of 20 minutes.
-N Don't listen to socket.
-p logfile Use logfile instead of /dev/log.
-r Don't suppress duplicate messages.
-s While logging the messages coming from remote
system, IP address will be logged instead of
the hostname.
-v Add priority and facility encoded code at the
second field of the message line. Refer to
syslog(3C) manpage for these priority and
facility encoding codes.
syslogd creates the file /var/run/syslog.pid, if possible, containing
a single line with its process ID. This can be used to kill or
reconfigure syslogd.
To kill syslogd, send it a terminate signal:
Hewlett-Packard Company - 1 - HP-UX 11i Version 3 Feb 2007
syslogd(1M) syslogd(1M)
kill `cat /var/run/syslog.pid`
To make syslogd, re-read its configuration file, send it a HANGUP
signal:
kill -HUP `cat /var/run/syslog.pid`
syslogd collects messages from the UNIX domain socket /dev/log.un, an
Internet domain socket specified in /etc/services, the named pipe
/dev/log, and from the kernel log device /dev/klog. By default, local
programs calling syslog() send log messages to the UNIX domain socket
(see syslog(3C)). If UNIX domain sockets are not configured on the
system, they write to the named pipe instead. If INET domain sockets
are not configured, syslogd does not receive messages forwarded from
other hosts, nor does it forward messages (see below).
Each message is one line. A message can contain a priority code and
facility code as the second field of the line. Priorities and
Facilities are defined in the header file .
When syslogd is invoked using /sbin/init.d/syslogd script, user can
update the required options in /etc/rc.config.d/syslogd file. By
default /etc/rc.config.d/syslogd contains -D option. Before starting
the syslogd command, the /sbin/init.d/syslogd script recreates
/var/adm/syslog/syslog.log after putting the contents into the file
/var/adm/syslog/OLDsyslog.log. By default, OLDsyslog.log is
overwritten by the contents of syslog.log. If you want to retain the
contents of the previous OLDsyslog.log file, configure
PREV_OLDSYSLOG_LINES in /etc/rc.config.d/syslogd. You can set the
parameter to the number of lines (in thousands) to be retained from
the previous OLDsyslog.log file. For example, to retain 20,000 lines
from the previous OLDsyslog.log file along with the contents of the
previous syslog.log in the present OLDsyslog.log, put
PREV_OLDSYSLOG_LINES=20 in /etc/rc.config.d/syslogd. By default
PREV_OLDSYSLOG_LINES is set to 0.
syslogd configures itself when it starts up and whenever it receives a
hangup signal. Lines in the configuration file consist of a selector
to determine the message priorities to which the line applies and an
action. The action field is separated from the selector by one or
more tabs.
Selectors are semicolon separated lists of priority specifiers. Each
priority has a facility indicating the subsystem that generated the
message, a dot, and a level indicating the severity of the message.
Symbolic names can be used. An asterisk selects all facilities. All
messages of the specified level or higher (greater severity) are
selected. More than one facility can be selected, using commas to
separate them. For example:
Hewlett-Packard Company - 2 - HP-UX 11i Version 3 Feb 2007
syslogd(1M) syslogd(1M)
*.emerg;mail,daemon.crit
selects all facilities at the emerg level and the mail and daemon
facilities at the crit level.
The known facilities and levels recognized by syslogd are those listed
in syslog(3C) converted to lowercase without the leading LOG_. The
additional facility mark has a message at priority LOG_INFO sent to it
every 20 minutes (this can be changed with the -m flag). The mark
facility is not enabled by a facility field containing an asterisk.
The level none can be used to disable a particular facility. For
example,
*.debug;mail.none
selects all messages except mail messages.
The second part of each line describes where the message is to be
logged if this line is selected. There are four forms:
+ A file name (beginning with a leading slash). The file is
opened in append mode. If the file does not exist, it is
created.
+ A host name preceded by an @ character. Selected messages are
forwarded to the syslogd on the named host.
+ A comma-separated list of users. Selected messages are
written to those users' terminals if they are logged in.
+ An asterisk. Selected messages are written to the terminals
of all logged-in users.
Blank lines and lines beginning with a # character are ignored.
For example, the configuration file:
kern,mark.debug /dev/console
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root,eric,kridle
*.emerg *
*.emerg @admin
logs all kernel messages and 20 minute marks onto the system console,
all mail system messages to /var/adm/syslog/mail.log, and all messages
at info and above, except mail messages, to the file
/var/adm/syslog/syslog.log. Messages at alert and above are logged to
the console and to the users root, eric, and kridle if they are logged
in. emerg messages are written to all logged-in users' terminals, and
Hewlett-Packard Company - 3 - HP-UX 11i Version 3 Feb 2007
syslogd(1M) syslogd(1M)
forwarded to the host admin.
Only a superuser can invoke syslogd.
Notes
syslogd logs messages into a set of files. Once the size of a log
file reaches 2 GB, syslogd stops logging to that file. You can
configure the maximum size of syslogd log files by setting the
variable LOG_SIZE in /etc/default/syslogd. The values of LOG_SIZE can
be any positive integer greater than 2, representing the maximum size
of the file in GB. When LOG_SIZE=NOLIMIT, syslogd uses the limit
imposed by the file system on file size.
syslogd logs messages in a locale-independent fashion as a stream of
bytes and will replace each newline character in the message with a
blank space except for the last newline character. Applications using
the services of syslogd can log messages in different locales.
However, be careful when configuring syslogd so that messages from
different locales do not get logged to the same log file.
WARNINGS
A configuration file selector selects all messages at the specified
level or higher. The configuration lines:
user.debug /tmp/logfile
user.info /tmp/logfile
djt_nm# more /etc/default/syslogd
# Syslogd settings:
# See syslogd(1m) for supported variables, their
# interpretation, applicability restrictions,
# and their default values.
#
# NOTE: A short description of each supported variable
# is also provided in this template for your convenience.
# However, many of this information could change in the
# future. For the most up-to-date information, please
# refer to the syslogd(1m) man page.
# Limit the size of log files created by syslogd. The default limit is 2GB.
# The values to LOG_SIZE can be a positive integer greater than 2 representing
# size of file in GB. When LOG_SIZE=NOLIMIT, the filesystem imposed limit on
# file size is to be used.
LOG_SIZE=2
靠,2G呢,难怪说会撑死呢
djt_nm#
djt_nm#
djt_nm# ls
OLDsyslog.log mail.log syslog.log
djt_nm#
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/18055/showart_1805110.html |
|