MoonPoint Support Logo

 

Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
August
Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      
2005
Months
Jan Feb Mar
Apr May Jun
Jul AugSep
Oct Nov Dec


Wed, Aug 10, 2005 11:57 am

Moving Sendmail's Maillog File

I noticed that a Solaris 5.7 system had run out of free space on the var partition. A "df -k" showed only a few bytes free. 

# df -k
Filesystem            kbytes    used   avail capacity  Mounted on
/proc                      0       0       0     0%    /proc
/dev/dsk/c0t0d0s0    2052750 1420927  570241    72%    /
fd                         0       0       0     0%    /dev/fd
/dev/dsk/c0t0d0s3    1015542  953786     824   100%    /var
/dev/dsk/c0t0d0s4    5058110 3396738 1610791    68%    /home
swap                  212496     872  211624     1%    /tmp

I checked /var/log and found that log files were not being rotated and several had grown quite large. So I moved those to another partition. I then used the touch command to create new empty copies of the files and changed their protection so only root, which owned the files, had access.

touch sshd.log
touch maillog
chmod 600 sshd.log
chmod 600 maillog

But the system didn't seem to realize that I had moved those large files elsewhere. It didn't show any increase in free space with "df -k" after I moved the files. I logged into a user account, brought up Pine, and deleted several messages with large attachments. The system then showed an increase in free space and email started coming into the account again. It hadn't been coming in because there was no room to store it on the /var partition.

I then noticed the system didn't seem to be using the new files I created with the touch command. The sshd.log and maillog files weren't growing. I logged into the system with sshd, but no entry was placed in /var/log/sshd.log file for the login. And, though, new mail was coming in, no entries were placed in /var/log/maillog. When I checked the /var/log/syslog file I found that mail entries were appearing there. I checked /etc/syslog.conf and found the following entry that should put entries for sendmail email deliveries in /var/log/maillog. 

mail.info                                       /var/log/maillog

And there was an entry that should have been putting entries in /var/log/sshd.log for ssh connections. 

daemon.info                                     /var/log/sshd.log

The system had been placing the appropriate entries in those two files until I moved the maillog and sshd.log files. I then realized I probably needed to restart syslog. When I restarted it, the system suddenly acknowledged that I had a great deal more free space on the var partition and an "ls -l /var/log" showed the sshd.log and maillog files growing. And when I checked them I saw that entries were being added again for ssh logins and email deliveries.

# /etc/init.d/syslog stop
# /etc/init.d/syslog start
syslog service starting.

[/os/unix/solaris] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo