01-11-2009 07:58 PM
Will it be possible to do this by writing a script which will search for the messages and then cut those messages from syslog.log?
Thanks in advance.
01-11-2009 08:41 PM
then compress the copy.
Here is a quick method to filter intersting messages:
grep -ie fail -e crit -e error -e disable -e lock /var/adm/syslog/syslog.log
Another method to analyze syslog is to look for repeating messages. This will count the number of times the same message is recorded in syslog:
cat /var/adm/syslog/syslog.log \
| sed -e "s/^.*$MYHOST//" -e 's/\[[0-9]*\]//' \
| grep -v "above message repeats" \
| sort \
| uniq -c \
| sort -rn
The above script will point out messages that occur over and over.
01-12-2009 02:31 AM
Another way you might want to reduce the size of your 'syslog.log' is to _not_ record too much information in the first place. Perhaps that is one issue you have. For instance, you may be retaining part of the previous log with 'PREV_OLDSYSLOG_LINES' or you may have debugging log levels set when you no longer need them.
You can also configure your logging to keep a message class in a separate file other than 'syslog'.
Have a look at the 'syslogd(1M)' manpages for specific details and examples.
01-14-2009 06:43 AM
Currently there is a error msg that keep appearing in syslog.log. This error msg is harmless and can be disregard.
If removing this error message from syslog.log is too complex, is there anyway we can filter the error coming in, such as telling the server that it can disregard this particular error msg?
01-14-2009 06:51 AM
If the message is "harmless" but "annoying" you can modify your '/etc/rc.config.d/syslogd' to enable the facility and priority logging with the message. Then, you may be able to explictly reconfigure '/etc/syslog.conf' to ignore the message.