[HPADM] HP-UX: syslog.log: strange entries

From: Rossi.ettore (rossi.ettore_at_email.it)
Date: 05/22/05

    Date: Sun, 22 May 2005 12:43:56 +0200
    To: hpux-admin@dutchworks.nl
    
    

    Good evening HP-UX admin people,

    I have a customer with an HP-UX 11.23 system which has strange entries in
    /var/adm/syslog/syslog.log:

    Feb 16 17:07:06 rx1600 syslog: Error reading field (3) for AN
    Feb 16 17:17:28 rx1600 syslog: read error (Error 0)
    Feb 16 17:17:28 rx1600 syslog: Abnormal end
    Feb 16 17:17:28 rx1600 syslog: Error reading field (3) for AN
    Feb 16 17:17:28 rx1600 syslog: Error reading field 21
    ...........
    so far too

    These messages happen every few minutes.
    By debugging syslogd (with the -d option) I could see that they are
    user-level messages:

    logmsg: pri 15, flags 0, from rx1600, msg May 18 17:22:02 syslog: read error
    (Error 0) Logging to FILE /var/adm/syslog/syslog.log readfds = 0xe8 0x3 0x6
    0x7 0x5 got a message (1, 0x8)
    logmsg: pri 16, flags 0, from rx1600, msg May 18 17:22:02 syslog: Abnormal
    end Logging to FILE /var/adm/syslog/syslog.log readfds = 0xe8 0x3 0x6 0x7
    0x5 got a message (1, 0x8)
    logmsg: pri 14, flags 0, from rx1600, msg May 18 17:22:02 syslog: Error
    reading field (3) for AN Logging to FILE /var/adm/syslog/syslog.log readfds
    = 0xe8 0x3 0x6 0x7 0x5 got a message (1, 0x8)
    logmsg: pri 14, flags 0, from rx1600, msg May 18 17:22:02 syslog: Error
    reading field 21 Logging to FILE /var/adm/syslog/syslog.log readfds = 0xe8
    0x3 0x6 0x7 0x5 got a message (1, 0x8)
    About the /usr/include/syslog.h file:

    /*
     * Facility codes
     */
    #define LOG_KERN (0<<3) /* kernel messages */
    #define LOG_USER (1<<3) /* random user-level messages */
    #define LOG_MAIL (2<<3) /* mail system */
    #define LOG_DAEMON (3<<3) /* system daemons */
    #define LOG_AUTH (4<<3) /* security/authorization messages */
    #define LOG_SYSLOG (5<<3) /* messages generated internally by syslogd */
    #define LOG_LPR (6<<3) /* line printer subsystem */
    ....................................................

    /*
     * Priorities (these are ordered)
     */
    #define LOG_EMERG 0 /* system is unusable */
    #define LOG_ALERT 1 /* action must be taken immediately */
    #define LOG_CRIT 2 /* critical conditions */
    #define LOG_ERR 3 /* error conditions */
    #define LOG_WARNING 4 /* warning conditions */
    #define LOG_NOTICE 5 /* normal but signification condition */
    #define LOG_INFO 6 /* informational */
    #define LOG_DEBUG 7 /* debug-level messages */

    In bold you will find the facilities whence come those messages. So for
    example

    logmsg: pri 15
     
    means

    facility code = 1
    priorities = 5

    Then all messages come from "random user-level messages" and not from
    daemons or other known facilities of the operating system.

    I think the cause is a batch file of a user running on the system, so I
    suggested to him, for example:

    find / -type f | xargs grep -l "read error"
    find / -type f | xargs grep -l "abnormal end"

    to look for those strings in some scripts or programs, but nothing
    yet; no useful information found.

    Please, I ask for your experience on how to discover what or who is
    sending those messages to the syslog.log file.

    I already provided the customer with information about how to separate
    those user-level messages from syslog.log into another log file, but it is
    not enough because the customer wants to know where they come from.

    Thanks in advance for your replies, I will summarize.

    Best regards,
    Fabio Porcelli
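
Added example, not part of the original post: a small C decoder for the "logmsg: pri N" lines quoted above, using the facility/priority layout from the quoted syslog.h excerpt. It assumes syslogd -d prints the value in octal, which is the reading under which pri 15 gives facility 1, priority 5 as in the post; the function names are illustrative, and only the facilities listed in the excerpt are named.

```c
#include <stdio.h>
#include <string.h>

/* Layout from the quoted syslog.h: facility = code << 3, priority = low 3 bits. */
#define PRI_MASK  0x07
#define FAC_SHIFT 3

/* Only the facilities visible in the quoted excerpt are named here. */
static const char *const fac_names[] = {
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr" };
static const char *const sev_names[] = {
    "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug" };

/* Decode one "logmsg: pri N, ..." line from syslogd -d output.
 * ASSUMPTION: N is printed in octal. Returns 0 on success, -1 otherwise. */
int decode_logmsg(const char *line, int *fac, int *sev)
{
    unsigned int pri;
    char end;
    const char *p = strstr(line, "logmsg: pri ");
    /* Requiring the ',' right after the digits rejects non-octal values
     * such as "18", which %o alone would silently truncate to 1. */
    if (p == NULL || sscanf(p, "logmsg: pri %o%c", &pri, &end) != 2 || end != ',')
        return -1;
    *fac = (int)(pri >> FAC_SHIFT);
    *sev = (int)(pri & PRI_MASK);
    return 0;
}

const char *fac_name(int fac)
{
    int n = (int)(sizeof fac_names / sizeof fac_names[0]);
    return (fac >= 0 && fac < n) ? fac_names[fac] : "other";
}
const char *sev_name(int sev) { return sev_names[sev & PRI_MASK]; }

int main(void)
{
    /* Constructed sample: the debug lines from the post, shortened. */
    const char *lines[] = {
        "logmsg: pri 15, flags 0, from rx1600, msg May 18 17:22:02 syslog: read error",
        "logmsg: pri 16, flags 0, from rx1600, msg May 18 17:22:02 syslog: Abnormal end",
        "logmsg: pri 14, flags 0, from rx1600, msg May 18 17:22:02 syslog: Error reading field 21",
    };
    int fac, sev;
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        if (decode_logmsg(lines[i], &fac, &sev) == 0)
            printf("%s.%s <- %s\n", fac_name(fac), sev_name(sev), lines[i]);
    return 0;
}
```

Read as decimal, pri 16 would decode to facility 2 (mail) rather than user, so the base matters when attributing a message to a facility.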