Administering filesystems

Checking and clearing system log files

Your SCO OpenServer system maintains a number of log files that contain information about system usage. When new information is generated, the system appends it to the appropriate log file, preserving the previous contents of the file. Because some log files can rapidly become quite large, you should check these files periodically and, if necessary, clear them by deleting their contents.

You can manage these files by:

``Administrative log files'', lists the log files that are most likely to need clearing or trimming. Your system might include different log files from those listed, depending on your configuration and the utilities and application software installed. Depending on your system activity, you might need to check the files more or less frequently than indicated in the table. Use find(C) to locate unlisted large log files.

Administrative log files

Log File Purpose Checking frequency
/etc/wtmp historical login record automatic*
/usr/adm/pacct process accounting log file weekly
/usr/adm/messages system messages log file weekly
/usr/adm/sulog su(C) log file automatic*
/tcb/audittmp/* audit system temporary files weekly
/usr/spool/uucp/LOGFILE records of UUCP job requests, file transfers, system status monthly
/usr/spool/uucp/.Log/.Old/* old UUCP log files stored by uudemon.clean monthly
/usr/spool/lp/logs/requests record of print requests automatic*

You can maintain this file (and others) automatically; see ``Clearing log files automatically''.

Using the System Logs Manager

You can examine, clear, or print log files using the System Logs Manager, located in the System/Logs directory of the SCOadmin hierarchy. The System Logs Manager displays a list of current log files and the contents of the selected file.

To display the contents of a log file, select the file from the list.

To search for a pattern in the log file, enter the pattern in the ``Search'' field. Use the next and prev buttons to search for other occurrences of the pattern.

To print out a log file, select the file from the list, then select Print from the File menu.

To add a new log file to the list, select Include Log from the Log menu. You are asked to supply a location and a comment.

To omit a log file from the list, select the file from the list, then select Exclude Log from the Log menu.

To clear the contents of a log file, select the file from the list, then select Clear Log from the Log menu.

See also:

Clearing system log files from the command line

To clear a log file and retain the file permissions:

  1. Copy the file to a new filename. For example:

    cp /usr/adm/messages /usr/adm/messages.old

  2. Clear the file with one of these commands:
To monitor new information that is currently being appended to system log files, enter:

tail -f /usr/adm/messages

The -f (follow) option to the tail(C) command prints the last 10 lines of the file, followed by any lines that are appended to the file between the time you initiated and stopped (with <Del>) the tail command.

Clearing log files automatically

You can clear log files automatically using crontab(C) and cron(C). By adding a line to root's crontab file (/usr/spool/cron/crontabs/root), you can make your own file maintenance scripts execute daily, weekly, or monthly.

The following is one of the default entries in root's crontab file:

   17 5 * * 0 /etc/cleanup > /dev/null
See crontab(C) manual page for complete information on the format of the crontab file.

This entry runs /etc/cleanup each Sunday morning at 5:17.

NOTE: If multiple machines mount the same NFS filesystems, all machines will run the find at the same time, searching all the NFS-mounted filesystems as well as the local filesystems. Therefore, running this script without some modifications could impose heavy network load. For example, adding the -mount or -local options to the find(C) command will restrict the search to the root filesystem, or local filesystems, respectively.

The /etc/cleanup script looks like this:

# clean up super-user log
cp /usr/adm/sulog /usr/adm/Osulog
> /usr/adm/sulog
# clean up volcopy log
[ -f /etc/log/filesave.log ] && mv /etc/log/filesave.log /etc/log/Ofilesave.log
> /etc/log/filesave.log
chown root /etc/log/filesave.log
chgrp sys /etc/log/filesave.log
chmod 666 /etc/log/filesave.log
# clean up wtmp
> /etc/wtmp
# clean up miscellaneous files
find / -name core -atime +7 -exec rm -f {} \;
The /etc/cleanup script:

You can specify different files to clear and when to clear them by modifying /etc/cleanup and the /usr/spool/cron/crontabs/root file.

Next topic: Adding disk space and restructuring filesystems
Previous topic: Executing commands based on find output

© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003