From: Rossi.ettore (rossi.ettore@email.it)
Date: Sun May 22 2005 - 06:43:56 EDT
Good evening HP-UX admin people,
I have a customer with an HP-UX 11.23 system which has strange entries in
/var/adm/syslog/syslog.log:
Feb 16 17:07:06 rx1600 syslog: Error reading field (3) for AN
Feb 16 17:17:28 rx1600 syslog: read error (Error 0)
Feb 16 17:17:28 rx1600 syslog: Abnormal end
Feb 16 17:17:28 rx1600 syslog: Error reading field (3) for AN
Feb 16 17:17:28 rx1600 syslog: Error reading field 21
...........
so far too
These messages happen every few minutes.
By debug of syslogd (with -d option) I could understand they are at the user
level messages:
logmsg: pri 15, flags 0, from rx1600, msg May 18 17:22:02 syslog: read error
(Error 0) Logging to FILE /var/adm/syslog/syslog.log readfds = 0xe8 0x3 0x6
0x7 0x5 got a message (1, 0x8)
logmsg: pri 16, flags 0, from rx1600, msg May 18 17:22:02 syslog: Abnormal
end Logging to FILE /var/adm/syslog/syslog.log readfds = 0xe8 0x3 0x6 0x7
0x5 got a message (1, 0x8)
logmsg: pri 14, flags 0, from rx1600, msg May 18 17:22:02 syslog: Error
reading field (3) for AN Logging to FILE /var/adm/syslog/syslog.log readfds
= 0xe8 0x3 0x6 0x7 0x5 got a message (1, 0x8)
logmsg: pri 14, flags 0, from rx1600, msg May 18 17:22:02 syslog: Error
reading field 21 Logging to FILE /var/adm/syslog/syslog.log readfds = 0xe8
0x3 0x6 0x7 0x5 got a message (1, 0x8)
About the /usr/include/syslog.h file:
/*
* Facility codes
*/
#define LOG_KERN (0<<3) /* kernel messages */
#define LOG_USER (1<<3) /* random user-level messages */
#define LOG_MAIL (2<<3) /* mail system */
#define LOG_DAEMON (3<<3) /* system daemons */
#define LOG_AUTH (4<<3) /* security/authorization messages */
#define LOG_SYSLOG (5<<3) /* messages generated internally by syslogd
*/
#define LOG_LPR (6<<3) /* line printer subsystem */
....................................................
/*
* Priorities (these are ordered)
*/
#define LOG_EMERG 0 /* system is unusable */
#define LOG_ALERT 1 /* action must be taken immediately */
#define LOG_CRIT 2 /* critical conditions */
#define LOG_ERR 3 /* error conditions */
#define LOG_WARNING 4 /* warning conditions */
#define LOG_NOTICE 5 /* normal but signification condition */
#define LOG_INFO 6 /* informational */
#define LOG_DEBUG 7 /* debug-level messages */
In bold you will find the facilities whence come those messages. So for
example
logmsg: pri 15
means
facility code = 1
priorities = 5
Then all messages come from \"random user-level messages\" and no daemons or
other known facilties of the operating system.
I think the reason is a batch file of an user running on the system so I
suggested him for example:
find / -type f | xargs grep -l \"read error\"
find / -type f | xargs grep -l \"abnormal end\"
to looking for those strings in the some scripts or programs but nothing
yet, no useful information found.
Please I ask your experience about how to discover what or who is sending
those messages in the syslog.log file.
I already provided to customer information about how to separate those user
level messages from syslog.log to another log file but it is not enough
because customer wants to know where they come from.
Thanks in advance for your replies, I will summarize.
Best regards,
Fabio Porcelli
--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor:
Audio, Video, HI-FI...oltre 2.000 prodotti di alta qualità a prezzi da
sogno solo su Visualdream.it
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=2955&d=20050522
--
---> Please post QUESTIONS and SUMMARIES only!! <---
To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
Name: hpux-admin@dutchworks.nl Owner: owner-hpux-admin@dutchworks.nl
Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only)
http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:47 EDT