/var/adm/messages problem

Hi,
I have a solaris 9 system.
For some reason the /var/adm/messages is not getting populated whereas /var/adm/messages.0 is getting populated.
$pwd
/var/adm
$ ls -ltr
-rw-r--r-- 1 root root 17816 Jan 6 15:37 messages.1
-rw-r--r-- 1 root root 0 Jan 7 03:10 messages
-r--r--r-- 1 root root 3240160 Jan 14 10:15 lastlog
-rw------- 1 root root 3882 Jan 14 12:05 sulog
-rw-r--r-- 1 root root 16765 Jan 14 12:06 messages.0
Does anybody know the reason and hoow to fix this
Thanks
Regards,
Satish

#cat /etc/logadm.conf
/var/log/syslog -C 8 -a 'kill -HUP `cat /var/run/syslog.pid`'
/var/adm/messages -C 2 -P 'Fri Jan 7 11:10:00 2005'
/var/cron/log -P 'Tue Jan 18 11:10:00 2005' -c -s 512k -t /var/cron/olog
/var/lp/logs/lpsched -C 2 -N -t '$file.$N'
# The entry below is used by turnacct(1M)
/var/adm/pacct -C 0 -N -a '/usr/lib/acct/accton pacct' -g adm -m 664 -o adm -p never
Thanks
Satish
# crontab -l
10 3 * * * /usr/sbin/logadm
15 3 * * 0 /usr/lib/fs/nfs/nfsfind
1 2 * * * [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&1
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean

Similar Messages

Email notification of warning messages generated in /var/adm/messages

I�m using �mdmonitord� to periodically check status of my disks in RAID 1 (using Solaris Volume Management) If/when problem occurs the errors/warnings will be logged to[b] /var/adm/messages file. What do I need to configure/enable to monitor /var/adm/messages for particual WARNING messages and to notify me via email.
Similar utility on LINUX is Logwatch: http://www2.logwatch.org:81/index.html

Check /etc/init.d/dtcp , i guess it would be copyrighted to fujitsu-siemens if its the fujitsu dtcp. You can also9 do a pkginfo -l SMAWdtcp, which seems to be the name of the fujitsu package. Hmm, odd name for a Fujitsu package.
Actually i found the following Fujitsu bug:
A0559315 Fix flood of messages like dml_send DB_PS_Udp_Con_Remove_List failed
- caused by trying to send the message to a node that is down.
.. which seems rather familiar.
Its fixed with fujitsu patch 901199-08
Other Fujitsu DTCP patches are
901191-08 and 901244-01
Note that to get Fujitsu patches you need a special account, once you have an account you can download them from http://patches.ts.fujitsu.com/

Different msgid shown in /var/adm/message as opposed to command line.

I've been trying to investigate an issue of how the /var/adm/messages alarms which has a message ID is different from a command line msgid output but have not been successful.
The test I have done is as follow:
logger -p local0.error -t TEST "Test Alarm for message ID"
The output I get in /var/adm/messages is :
May 3 14:00:28 hostname TEST: [ID 702911 local0.error] Test Alarm for message ID
However, when I compare the ID generated with /usr/sbin/msgid, the ID seems to be different.
bash-3.00# echo "Test Alarm for message ID" | msgid
*231001* Test Alarm for message ID
As you can see, the ID generated is different. Because of this, it's causing some issues on the alarm monitoring system and everything seems to fall under ID 702911. Anyone know how I can solve this problem?
Thanks in advance.

The source code for logger is available:
http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/logger/logger.c
You could try fixing it... Looking at the syslog() calls it clearly has "%s" as one of the options. I guess you could find another piece of source code that makes syslog() calls and figure out what construct "should" be there.

Monitoring /var/adm/messages

Hello to all,
we are developing system for monitoring of the servers trough reading of the /var/adm/messages file.
Since there are numerous messages in this file we are wondering what regular expressions to use in order to extract serious/critical alerts from this file.
Does anybody have set of regular expressions to search for in this file for serious/critical events?
Thanks in advance.
Dejan

Hi ,
You can try to play whit /etc/syslog.conf . In this way you can made a filter for emergency and critical problem and redirect it to a specific file .
For example , the following line will redirect all the the emargency and critical message to /var/adm/message.critical
*.emerg;*.crit;* /var/adm/message.critical
I hope this help to develop your tool
xavier

SSH Error in the /var/adm/messages

Dears
I Have an error that appers many times in the system messages file,
**sshd[5437]: [ID 800047 auth.crit] fatal: Read from socket failed: Connection reset by peer**
i disabled the telnet and use the SSH to connect to the system, i dont have any problems in SSH my System but i always notice this error in the /var/adm/messages, does anyone knows what is this error and why it is generated?
thanks

Dear All i am also having the same problems
No1: MY SEVER T1000 having this problem,
Server was installed with jumpstart
Connection to 172.16.14.52 closed by foreign host.
# ssh 172.16.14.52
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
69:15:c9:67:86:a4:43:95:9e:7d:d6:70:78:ea:46:cb.
Please contact your system administrator.
Add correct host key in /.ssh/known_hosts to get rid of this message.
Offending key in /.ssh/known_hosts:3
RSA host key for 172.16.14.52 has changed and you have requested strict checking.
Host key verification failed
No2: sshd[4070]: [ID 800047 auth.crit] fatal: Read from socket failed:Connection reset by peer
any body can help me..

/var/adm/messages file not updatiing

Hi All!
Can you pls help, I´m new into solaris, so I´ve got a problem, ever since I didi "> messages" inside the /var/adm/ direcotory the messages file does not update anymore.~
I´ve done ps -ef ! grep syslogd, and the deamon is running. So pls can you help?
regards
F.R.

Make sure /var/adm/message is writable by root only (chmod 600) and restart syslogd (svcadm restart system-log)

Cmn_err doesnt log to /var/adm/messages

HI,
I am trying cmn_err to log my messages using different error level. But it is not logging messages to /var/adm/messages file, also not printing on console. I have tried diff options like ! ^ etc. but all efforts proved futile. Can anyone help me?
- Mayur Talati

We had a problem on one system similar to yours.
It tured out that the problem was caused by someone
removing /usr/ccs/bin/m4 in order to favor a locally
installed version of m4 in /usr/local/bin. The problem is,
the syslog daemon needs to find m4 when it starts
and apparently it must be in /usr/ccs/bin/m4.
Check if you have /usr/ccs/bin/m4 on your system and
look in /var/adm/messages for any syslogd startup errors.

Syslogd not posting to /var/adm/messages

Syslogd starts ok but will not send anything to /var/adm/messages. I did remove the existing zero value file and stopped and restarted syslog and it created a new messages file but will not populate it. All the rest of the logs appears to be populating correctly.
Contents of syslogd.conf is standard:
#ident "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
# syslog configuration file.
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
*.err;kern.notice;auth.notice                   /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages
*.alert;kern.err;daemon.err                     operator
*.alert;local1.none     root
*.emerg                                         *
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)
mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
ifdef(`LOGHOST', ,
user.err                                        /dev/sysmsg
user.err                                        /var/adm/messages
user.alert                                      `root, operator'
user.emerg                                      *
local1.debug            /usr/tmp/TAMAR_LOGI noticed the following on the console during bootup:
syslogd: line 12: unknown priority name "notice /dev/sysmsg"
syslogd: line 13: unknown priority name "crit /var/adm/messages"
syslogd: line 15: unknown priority name "err operator"
syslogd: line 16: unknown priority name "none root"
syslogd: line 18: unknown priority name "emerg *"
syslogd: line 24: unknown priority name "debug /var/log/syslog"
syslogd: line 31: unknown priority name "debug /usr/tmp/TAMAR_LOG"
/etc/default/syslogd has no uncommented line in the file.
At a loss on this one. Any ideas/suggestions

I found the solution to this problem. Turns out for reasons unknown to me the whitespace in the syslog.conf file got converted from tabs to spaces. As soon as I made all the white space tabs everything started working.. Go figure.

/var/adm/messages tells misterios things

This is what my messages says:
Feb 3 08:43:58 [xxx.xxx.xxx.xxx.7.120] 5971: 30w2d: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
Feb 3 08:43:58 [xxx.xxx.xxx.xxx.7.120] 5972: 30w2d: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Feb 3 08:44:25 [xxx.xxx.xxx.xxx.7.120] 5973: 30w2d: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
Feb 3 08:44:26 [xxx.xxx.xxx.xxx.7.120] 5975: 30w2d: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Feb 3 08:44:51 [xxx.xxx.xxx.xxx.7.120] 5976: 30w2d: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
Feb 3 08:44:52 [xxx.xxx.xxx.xxx.7.120] 5978: 30w2d: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Does anyone know why it does so.

It looks like you are receiving syslog messages from a Cisco router with a BRI interface. Apparently the interface is having problems in addition. You could remove the config in the router that sends the messages to you ( no logging host xxx.xxx.xxx.xxx) or just modify the syslogd.conf file to send the messages to a file other than /var/adm/messages.
ChrisV

Sun logs: /var/adm/messages vs. /var/svc/log/*

On Solaris 10, is /var/adm/messages still the "gold standard" for startup and shutdown log messages, or have the critical logs moved to /var/svc/log/$service_name?
It's not like I can't look in one or the other, but I'm trying to gauge the relative importance of the two.
Is there another location that I'm overlooking?

aaron.m wrote:
On Solaris 10, is /var/adm/messages still the "gold standard" for startup and shutdown log messages, or have the critical logs moved to /var/svc/log/$service_name?Depends on what you mean by "startup" messages. There are two types I can think of.
During boot the kernel might generate a few messages about drivers and buffers and stuff. This is stored in a kernel buffer that is visible when you type 'dmesg'. When syslog starts up, it dumps the contents into the messages file so you have a static copy. I don't think this behavior changes between Solaris 9 and Solaris 10.
For the actual startup "scripts" (SMF, /etc/init.d, /etc/rc?), Solaris 9 and earlier didn't have any sort of capture location. It was common for scripts to print to STDOUT/STDERR, and that would be delivered to the console only. Since many of the scripts are running before filesystems are mounted read/write, it didn't try to save the output.
Now with SMF, it does more work to capture that output and you can find that in the service log files that you mention.
So none of the logs have really moved, but you now have more logs than you did before.
Darren

/var/adm/messages regopen warning

Hello,
I am observing a warning message in the /var/adm/messages
file of my Solaris 2.8 machine after I have run my application
for several hours (under a load). The resulting behavior is that
my application no longer responds to external requests and essentially
appears to hang.
The warning is the following:
Aug 23 16:44:07 eas1nc2 reg: [ID 286125 kern.warning] WARNING: regopen: failed, attempted to open > 1000 streams
Does anyone have any ideas as to what could be causing this
as well as possible resolutions.
Thanks in advance!!
Brad

Hello,
Take a look at /etc/syslog.conf. I think that by deafult this file should contain two entries that make the system log into /var/adm/messages. Are there these entries?
Bye,
Joseba M. Iturbe

Scsi messages in /var/adm/messages file

Hi,
After open the /var/adm/messages i have the SCSI error messages:
Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
bash-2.05$
Please help me to correct this error
Thank

This issue on hostname `kapttdw2` seems to be the same as you reported in your other thread for hostname `kapttdw1`.
[http://forums.sun.com/thread.jspa?threadID=5391935|http://forums.sun.com/thread.jspa?threadID=5391935]
Perhaps you just need to label these disks (as you were advised for those other disks).
Also, since these drives are in an EMC peripheral, you might consider opening a support case with that storage vendor and get advice from them.

Getting lot of errors like :0x408 in /var/adm/messages file in Solaris 10

Hi,
Can anyone help me regarding the following errors being found in the /var/adm/messages file:
Nov 24 03:36:07 x9ce1 :0x408
Nov 24 03:36:07 x9ce1 dtcp: [ID 702911 kern.notice] WARNING GW (dtcp_klib.c,198) (53449,33458) (0xac120fd5,0xac126503)
Nov 24 03:36:07 x9ce1 dtcp: [ID 702911 kern.notice] WARNING PS (ps_udp.c,415) Error ps_do_DB_PS_Udp_Placement
Nov 24 03:36:07 x9ce1 :0x408
Nov 24 03:56:06 x9ce1 :0x408
Nov 24 03:56:06 x9ce1 dtcp: [ID 702911 kern.notice] WARNING GW (dtcp_klib.c,198) (55961,33458) (0xac120fd5,0xac126503)
Nov 24 03:56:06 x9ce1 dtcp: [ID 702911 kern.notice] WARNING PS (ps_udp.c,415) Error ps_do_DB_PS_Udp_Placement
Nov 24 03:56:06 x9ce1 :0x408
The frequency of this error is very high and I wanted to find out what could be the reason behind its occurrence?
Thanks.
Any useful comments will be most welcome :)
Jahan

Check /etc/init.d/dtcp , i guess it would be copyrighted to fujitsu-siemens if its the fujitsu dtcp. You can also9 do a pkginfo -l SMAWdtcp, which seems to be the name of the fujitsu package. Hmm, odd name for a Fujitsu package.
Actually i found the following Fujitsu bug:
A0559315 Fix flood of messages like dml_send DB_PS_Udp_Con_Remove_List failed
- caused by trying to send the message to a node that is down.
.. which seems rather familiar.
Its fixed with fujitsu patch 901199-08
Other Fujitsu DTCP patches are
901191-08 and 901244-01
Note that to get Fujitsu patches you need a special account, once you have an account you can download them from http://patches.ts.fujitsu.com/

Finding Errors in /var/adm/messages file

Hi,
I am new to UNIX admin, i am going to write a script in such a way that it has to send a mail to root if any errors in /var/adm/messages file.
Can any one please send useful links or sample script file?
Thanks
Ramesh

http://www.sunfreeware.com/indexsparc9.html
look for logsurfer+-1.7-sol9-sparc-local.gz package (there's one for solaris8 and Solaris10, too). Also, you can search on http://www.sun.com/bigadmin/home/index.html
for these types of scripts.
John

/var/adm/messages error

Hi All,
New to solaris
I am getting the following error in the solaris 5.9 /var/adm/messages file.
Mar 15 13:33:39 dxb01-sol-tfs in.routed[135]: [ID 798604 daemon.error] empty response from 10.1.251.4
Is this any telnet related error or anything serious? Please advise
Any help appreciated
Rgds
Najmal

The first thing that you have to do is to snoop
10.1.251.4 to see the traffic between localhost and
that IP Address.Hi,
Thanks veru much for the response.
I have tried snoop and it gives the following message. What does this mean? Please help
10.1.251.4 -> 10.1.255.255 RIP R (0 destinations)
Rgds

/var/adm/messages problem

Similar Messages

Maybe you are looking for