Installation guide

ManualsBrandsDigital Equipment Corporation ManualsComputer equipmentLG06

361

362

363

364

365

366

367

368

369

370

13.3 Recovering Event Logs After a System Crash

You can recover unprocessed messages and binary event-log records from a

system crash when you reboot the system.

The msgbuf.err entry in the /etc/syslog.conf ﬁle speciﬁes the

destination of the kernel syslog message buffer msgbuf that is recovered

from the dump ﬁle. The default /etc/syslog.conf ﬁle entry for the

kernel syslog message buffer ﬁle is as follows:

msgbuf.err /var/adm/crash/msgbuf.savecore

The dumpfile entry in the /etc/binlog.conf ﬁle speciﬁes the ﬁle name

destination for the kernel binary event-log buffer that is recovered from the

dump ﬁle. The default /etc/binlog.conf ﬁle entry for the kernel binary

event-log buffer ﬁle is as follows:

dumpfile /usr/adm/crash/binlogdumpfile

If a crash occurs, the syslogd and binlogd daemons cannot read the

/dev/klog and /dev/kbinlog special ﬁles and process the messages and

binary event records. When you reboot the system, the savecore command

runs and, if a dump ﬁle exists, recovers the kernel syslog message and

binary event-log buffers from the dump ﬁle. After savecore runs, the

syslogd and binlogd daemons are started.

The syslogd daemon reads the syslog message buffer ﬁle, checks that its

data is valid, and then processes it in the same way that it normally

processes data from the /dev/klog ﬁle, using the information in the

/etc/syslog.conf ﬁle.

The binlogd daemon reads the binary event-log buffer ﬁle, checks that its

data is valid, and then processes the ﬁle in the same way that it processes

data from the /dev/kbinlog special ﬁle, using the information in the

/etc/binlog.conf ﬁle.

After the syslogd and binlogd daemons are ﬁnished with the buffer ﬁles,

the ﬁles are deleted.

13.4 Maintaining Log Files

If you specify full pathnames for the message destinations in the

/etc/syslog.conf and /etc/binlog.conf ﬁles, the log ﬁles will grow

in size. Also, if you conﬁgure the syslogd daemon to create daily

directories and log ﬁles, eventually there will be many directories and ﬁles,

although the ﬁles themselves will be small. Therefore, you must keep track

of the size and the number of log ﬁles and daily directories and delete ﬁles

and directories if they become unwieldy.

Administering Events and Errors 13–13