Finding Errors in /var/adm/messages file

Hi,
I am new to UNIX admin, i am going to write a script in such a way that it has to send a mail to root if any errors in /var/adm/messages file.
Can any one please send useful links or sample script file?
Thanks
Ramesh

http://www.sunfreeware.com/indexsparc9.html
look for logsurfer+-1.7-sol9-sparc-local.gz package (there's one for solaris8 and Solaris10, too). Also, you can search on http://www.sun.com/bigadmin/home/index.html
for these types of scripts.
John

Similar Messages

  • Getting lot of errors like :0x408 in /var/adm/messages file in Solaris 10

    Hi,
    Can anyone help me regarding the following errors being found in the /var/adm/messages file:
    Nov 24 03:36:07 x9ce1 :0x408
    Nov 24 03:36:07 x9ce1 dtcp: [ID 702911 kern.notice] WARNING GW (dtcp_klib.c,198) (53449,33458) (0xac120fd5,0xac126503)
    Nov 24 03:36:07 x9ce1 dtcp: [ID 702911 kern.notice] WARNING PS (ps_udp.c,415) Error ps_do_DB_PS_Udp_Placement
    Nov 24 03:36:07 x9ce1 :0x408
    Nov 24 03:56:06 x9ce1 :0x408
    Nov 24 03:56:06 x9ce1 dtcp: [ID 702911 kern.notice] WARNING GW (dtcp_klib.c,198) (55961,33458) (0xac120fd5,0xac126503)
    Nov 24 03:56:06 x9ce1 dtcp: [ID 702911 kern.notice] WARNING PS (ps_udp.c,415) Error ps_do_DB_PS_Udp_Placement
    Nov 24 03:56:06 x9ce1 :0x408
    The frequency of this error is very high and I wanted to find out what could be the reason behind its occurrence?
    Thanks.
    Any useful comments will be most welcome :)
    Jahan

    Check /etc/init.d/dtcp , i guess it would be copyrighted to fujitsu-siemens if its the fujitsu dtcp. You can also9 do a pkginfo -l SMAWdtcp, which seems to be the name of the fujitsu package. Hmm, odd name for a Fujitsu package.
    Actually i found the following Fujitsu bug:
    A0559315 Fix flood of messages like dml_send DB_PS_Udp_Con_Remove_List failed
    - caused by trying to send the message to a node that is down.
    .. which seems rather familiar.
    Its fixed with fujitsu patch 901199-08
    Other Fujitsu DTCP patches are
    901191-08 and 901244-01
    Note that to get Fujitsu patches you need a special account, once you have an account you can download them from http://patches.ts.fujitsu.com/

  • Scsi messages in /var/adm/messages file

    Hi,
    After open the /var/adm/messages i have the SCSI error messages:
    Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
    Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
    Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
    Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
    Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
    Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
    Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
    Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
    Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
    Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
    Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
    Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
    Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
    bash-2.05$
    Please help me to correct this error
    Thank

    This issue on hostname `kapttdw2` seems to be the same as you reported in your other thread for hostname `kapttdw1`.
    [http://forums.sun.com/thread.jspa?threadID=5391935|http://forums.sun.com/thread.jspa?threadID=5391935]
    Perhaps you just need to label these disks (as you were advised for those other disks).
    Also, since these drives are in an EMC peripheral, you might consider opening a support case with that storage vendor and get advice from them.

  • /var/adm/messages file not updatiing

    Hi All!
    Can you pls help, I´m new into solaris, so I´ve got a problem, ever since I didi "> messages" inside the /var/adm/ direcotory the messages file does not update anymore.~
    I´ve done ps -ef ! grep syslogd, and the deamon is running. So pls can you help?
    regards
    F.R.

    Make sure /var/adm/message is writable by root only (chmod 600) and restart syslogd (svcadm restart system-log)

  • /var/adm/messages file empty

    Do not know the reason y messages file is empty already restarted the syslog daemon but still its showing empty .
    xxxxxxx# more /var/adm/messages
    xxxxxx#
    # ps -efo zone,pid,ppid,time,comm | grep syslog | grep global
    global 11861 1 00:10 /usr/sbin/syslogd
    svcs /system/system-log
    STATE STIME FMRI
    online Sep_10 svc:/system/system-log:default

    HI
    What happens if you type in :
    logger TEST
    Does it write it out to the file.
    Have you checked your /etc/syslog.conf file.
    Make sure it has tabs and not spaces between eg:
    *.debug /var/adm/messages

  • Error in /var/adm/messages

    All,
    I have a V480 running Solaris 8 attached to a CX700 array. I am kind of new to SANs. I am getting the following message:
    Jun 1 13:50:43 <sysname> scsi: [ID 107833 kern.warning] WARNING: /pci@8,700000/ide@6/sd@0,0 (sd0):
    Jun 1 13:50:43 <sysname> transport rejected (-1)
    The system seems to be working fine. Anyone know what might cause this?

    Kevin,
    How often is that "error" written to your MESSAGES file?
    Simply every once in a while, perhaps only at bootup ?
    Or, is it filling the logs in an annoying fashion ?
    That device path is to your CDROM/DVD drive.
    If the drive is empty, that would account for the data transport process being incomplete.
    So ...
    If it's just an occasional log entry, then ignore it.
    If this is an inordinate repetition of the error, then I'd suggest
    some sort of software root cause:
    -- maybe it's time for a Solaris patch cluster,
    -- maybe an over-eager volume management,
    -- perhaps a typo in a fstab file somewhere,
    -- or perhaps some other computer in your organization is trying to automount the drive through the network.

  • How to handle memory error in /var/adm/messages...

    Hi,
    I am getting the following error messages often in our
    systems. Any one of you elabrate what was the problem.
    SUNW,UltraSPARC-II: [ID 470261 kern.info] [AFT0]
    Corrected Memory Error detected by CPU3, errID
    0x0005a0b0.c96402a9
    AFSR 0x00000000.00100000<CE> AFAR 0x00000000.a92fd160
    AFSR.PSYND 0x0000(Score 05) AFSR.ETS 0x00
    Fault_PC0x10025280
    UDBH Syndrome 0x1f Memory Module U0402
    SUNW,UltraSPARC-II: [ID 394986 kern.info] [AFT0]
    errID0x0005a0b0.c96402a9 Corrected Memory Error on
    U0402 is Persistent
    SUNW,UltraSPARC-II: [ID 396483 kern.info] [AFT0]
    errID0x0005a0b0.c96402a9 ECC Data Bit 44 was in error
    and corrected
    Thanks

    It looks like one of your memory modules may need to be replaced. You should probably send the log info to your support contractor for detailed analysis.
    -R

  • Errors on /var/adm/messages

    hi, i have server / HP DL 385 g1/ with solaris 10x86. I have problem with log on messages:
    Jan 23 07:56:15 ora-db1 iscsi: [ID 454097 kern.notice] NOTICE: unrecognized ioctl 0x403
    Jan 23 07:56:15 ora-db1 iscsi: [ID 454097 kern.notice] NOTICE: unrecognized ioctl 0x42a
    Jan 23 07:56:15 ora-db1 iscsi: [ID 454097 kern.notice] NOTICE: unrecognized ioctl 0x401
    Jan 23 07:56:15 ora-db1 scsi: [ID 243001 kern.warning] WARNING: /pseudo/fcp@0 (fcp0):
    Jan 23 07:56:15 ora-db1 Invalid ioctl opcode = 0x403
    Jan 23 07:56:15 ora-db1 scsi: [ID 243001 kern.warning] WARNING: /pseudo/fcp@0 (fcp0):
    Jan 23 07:56:15 ora-db1 Invalid ioctl opcode = 0x42a
    Jan 23 07:56:15 ora-db1 scsi: [ID 243001 kern.warning] WARNING: /pseudo/fcp@0 (fcp0):
    Jan 23 07:56:15 ora-db1 Invalid ioctl opcode = 0x401
    what is this mesages? and what is help?thanks for any help

    I am getting the exact same error, but I am not running Oracle 10g, only running the Oracle agent. Wondering if it's truly caused by an Oracle bug or something related to the fiber adapters or kernel.
    hostname:/>uname -a
    SunOS hostname 5.10 Generic_127128-11 i86pc i386 i86pc
    hostname:/>ps -ef | grep ora
    oracle 827 1 0 Jun 15 ? 87:13 /opt/app/oracle/product/10.2/agent10g/perl/bin/perl /opt/app/oracle/product/10.
    oracle 835 827 0 Jun 15 ? 175:20 /opt/app/oracle/product/10.2/agent10g/bin/emagent
    root 27550 27520 0 09:45:10 pts/1 0:00 grep ora
    May 7 07:51:35 hostname iscsi: [ID 454097 kern.notice] NOTICE: unrecognized ioctl 0x403
    May 7 07:51:35 hostname iscsi: [ID 454097 kern.notice] NOTICE: unrecognized ioctl 0x42a
    May 7 07:51:35 hostname iscsi: [ID 454097 kern.notice] NOTICE: unrecognized ioctl 0x401
    May 7 07:51:35 hostname scsi: [ID 243001 kern.warning] WARNING: /pseudo/fcp@0 (fcp0):
    May 7 07:51:35 hostname Invalid ioctl opcode = 0x403
    May 7 07:51:35 hostname scsi: [ID 243001 kern.warning] WARNING: /pseudo/fcp@0 (fcp0):
    May 7 07:51:35 hostname Invalid ioctl opcode = 0x42a
    May 7 07:51:35 hostname scsi: [ID 243001 kern.warning] WARNING: /pseudo/fcp@0 (fcp0):
    May 7 07:51:35 hostname Invalid ioctl opcode = 0x401
    regards,
    Will

  • Errors in /var/adm/messages since using updatemanager to update

    Anyone know what these are about?
    Invalid configuration for instance svc:/network/rpc/rusers:default, placing in maintenance
    Invalid configuration for instance svc:/network/nfs/rquota:default, placing in maintenance

    This is a SMF message, might be cause by a problem that occured with a patch that was installed. These services are not related to SWUP. I recommend redirecting the question to the Solaris support forum http://forum.sun.com/category.jspa?categoryID=5
    Kayo Granillo

  • /var/adm/messages error

    Hi All,
    New to solaris
    I am getting the following error in the solaris 5.9 /var/adm/messages file.
    Mar 15 13:33:39 dxb01-sol-tfs in.routed[135]: [ID 798604 daemon.error] empty response from 10.1.251.4
    Is this any telnet related error or anything serious? Please advise
    Any help appreciated
    Rgds
    Najmal

    The first thing that you have to do is to snoop
    10.1.251.4 to see the traffic between localhost and
    that IP Address.Hi,
    Thanks veru much for the response.
    I have tried snoop and it gives the following message. What does this mean? Please help
    10.1.251.4 -> 10.1.255.255 RIP R (0 destinations)
    Rgds

  • Cmn_err doesnt log to /var/adm/messages

    HI,
    I am trying cmn_err to log my messages using different error level. But it is not logging messages to /var/adm/messages file, also not printing on console. I have tried diff options like ! ^ etc. but all efforts proved futile. Can anyone help me?
    - Mayur Talati

    We had a problem on one system similar to yours.
    It tured out that the problem was caused by someone
    removing /usr/ccs/bin/m4 in order to favor a locally
    installed version of m4 in /usr/local/bin. The problem is,
    the syslog daemon needs to find m4 when it starts
    and apparently it must be in /usr/ccs/bin/m4.
    Check if you have /usr/ccs/bin/m4 on your system and
    look in /var/adm/messages for any syslogd startup errors.

  • Email notification of warning messages generated in /var/adm/messages

    I�m using �mdmonitord� to periodically check status of my disks in RAID 1 (using Solaris Volume Management) If/when problem occurs the errors/warnings will be logged to[b] /var/adm/messages file. What do I need to configure/enable to monitor /var/adm/messages for particual WARNING messages and to notify me via email.
    Similar utility on LINUX is Logwatch: http://www2.logwatch.org:81/index.html

    Check /etc/init.d/dtcp , i guess it would be copyrighted to fujitsu-siemens if its the fujitsu dtcp. You can also9 do a pkginfo -l SMAWdtcp, which seems to be the name of the fujitsu package. Hmm, odd name for a Fujitsu package.
    Actually i found the following Fujitsu bug:
    A0559315 Fix flood of messages like dml_send DB_PS_Udp_Con_Remove_List failed
    - caused by trying to send the message to a node that is down.
    .. which seems rather familiar.
    Its fixed with fujitsu patch 901199-08
    Other Fujitsu DTCP patches are
    901191-08 and 901244-01
    Note that to get Fujitsu patches you need a special account, once you have an account you can download them from http://patches.ts.fujitsu.com/

  • Monitoring /var/adm/messages

    Hello to all,
    we are developing system for monitoring of the servers trough reading of the /var/adm/messages file.
    Since there are numerous messages in this file we are wondering what regular expressions to use in order to extract serious/critical alerts from this file.
    Does anybody have set of regular expressions to search for in this file for serious/critical events?
    Thanks in advance.
    Dejan

    Hi ,
    You can try to play whit /etc/syslog.conf . In this way you can made a filter for emergency and critical problem and redirect it to a specific file .
    For example , the following line will redirect all the the emargency and critical message to /var/adm/message.critical
    *.emerg;*.crit;* /var/adm/message.critical
    I hope this help to develop your tool
    xavier

  • /var/adm/messages regopen warning

    Hello,
    I am observing a warning message in the /var/adm/messages
    file of my Solaris 2.8 machine after I have run my application
    for several hours (under a load). The resulting behavior is that
    my application no longer responds to external requests and essentially
    appears to hang.
    The warning is the following:
    Aug 23 16:44:07 eas1nc2 reg: [ID 286125 kern.warning] WARNING: regopen: failed, attempted to open > 1000 streams
    Does anyone have any ideas as to what could be causing this
    as well as possible resolutions.
    Thanks in advance!!
    Brad

    Hello,
    Take a look at /etc/syslog.conf. I think that by deafult this file should contain two entries that make the system log into /var/adm/messages. Are there these entries?
    Bye,
    Joseba M. Iturbe

  • SSH Error in the /var/adm/messages

    Dears
    I Have an error that appers many times in the system messages file,
    **sshd[5437]: [ID 800047 auth.crit] fatal: Read from socket failed: Connection reset by peer**
    i disabled the telnet and use the SSH to connect to the system, i dont have any problems in SSH my System but i always notice this error in the /var/adm/messages, does anyone knows what is this error and why it is generated?
    thanks

    Dear All i am also having the same problems
    No1: MY SEVER T1000 having this problem,
    Server was installed with jumpstart
    Connection to 172.16.14.52 closed by foreign host.
    # ssh 172.16.14.52
    @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    69:15:c9:67:86:a4:43:95:9e:7d:d6:70:78:ea:46:cb.
    Please contact your system administrator.
    Add correct host key in /.ssh/known_hosts to get rid of this message.
    Offending key in /.ssh/known_hosts:3
    RSA host key for 172.16.14.52 has changed and you have requested strict checking.
    Host key verification failed
    No2: sshd[4070]: [ID 800047 auth.crit] fatal: Read from socket failed:Connection reset by peer
    any body can help me..

Maybe you are looking for