Log Files

Log files hold information intended for the system administrator to look at when required. How often they need to be reviewed depends on the type of information they contain, but if they are never likely to be looked at there is probably little point in wasting disk space by storing the data. The major log files you need to be aware of are shown in Table 6.10, with guidance on how to keep them from growing too large.

Table 6.10. Common Solaris Log Files
| Log | Description | Housekeeping Method |
|---|---|---|
| /var/adm/utmp | Contains information about who is currently logged in and is read by the who command. Do not trim or remove this file unless it becomes corrupt. Replaced by /var/adm/utmpx in Solaris 9. | Do not touch this file unless the who command gives corrupt output, in which case you can empty it (all users should be logged off first). cp /dev/null /var/adm/utmp |
| /var/adm/wtmp | This contains an accumulative log of all users who have logged in. It is not a text file, but can be viewed using the who command (who /var/adm/wtmp). When users log in, they are added to both the utmp file and wtmp file. When they log out, they are removed from the utmp file but not wtmp. This file can grow very large if left unchecked. This file is being phased out to be replaced by wtmpx. | Empty the file when required. cp /dev/null /var/adm/wtmp |
| /var/adm/wtmpx | This log file is similar to the wtmp file (and Solaris 9 has completely replaced it) in that it holds accumulated login information and is not a text file. It is read by the last command. | Empty the file when required. cp /dev/null /var/adm/wtmpx |
| /var/adm/sulog | This is a text file containing a record of all attempts made by users to switch to another user's ID. The entry will contain a “+” if the attempt succeeded or a “-” if it failed. This should be looked through on a regular basis for anything suspicious, such as a user gaining access to root that shouldn't (see Chapter 1, “The System Administrator's Role”). | This file can either be emptied or you could remove all but the last “X” number of lines. If you wish to keep a long history of login attempts, this file can be rotated as shown in the housekeeping script at the end of this chapter. |
| /var/adm/messages | This text file is very important to the system administrator. It contains information on a variety of system events. | Solaris automatically rotates this file, so it should not need any special treatment. |
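
The sulog review and the "keep the last X lines" trim described in the table, as an added example that is not from the book. It assumes the Solaris sulog record layout `SU MM/DD HH:MM +|- tty from-to`; the allowlist, the function names and the sample records are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the book). Assumes sulog records look like:
#   SU MM/DD HH:MM <+|-> <tty> <from>-<to>
# Needs a POSIX awk (on Solaris: nawk or /usr/xpg4/bin/awk).

# Hypothetical allowlist of users expected to become root.
ALLOWED_ROOT_USERS="${ALLOWED_ROOT_USERS:-alice}"

# review_sulog FILE
#   FAILED <from> ...      a "-" entry: failed attempt to become root
#   UNEXPECTED <from> ...  a "+" entry: root gained by a user not on the allowlist
review_sulog() {
    awk -v allowed="$ALLOWED_ROOT_USERS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "SU" && NF >= 6 {
            # Target user is whatever follows the last hyphen of field 6.
            i = length($6); while (i > 0 && substr($6, i, 1) != "-") i--
            if (i == 0) next
            from = substr($6, 1, i - 1); to = substr($6, i + 1)
            if (to != "root") next
            if ($4 == "-") print "FAILED", from, $2, $3, $5
            else if ($4 == "+" && !(from in ok)) print "UNEXPECTED", from, $2, $3, $5
        }' "$1"
}

# keep_last_lines FILE N: trim in place, keeping the file's inode, owner and mode
keep_last_lines() {
    tmp=$(mktemp) || return 1
    tail -n "$2" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample records (not real log data).
make_sample() {
    cat <<'EOF'
SU 03/04 09:15 + pts/1 alice-root
SU 03/04 09:40 - pts/2 bob-root
SU 03/04 09:41 - pts/2 bob-root
SU 03/04 10:02 + pts/2 bob-root
SU 03/04 11:30 + pts/3 carol-oracle
EOF
}

sample=$(mktemp) && make_sample > "$sample" && review_sulog "$sample"
rm -f "$sample"
```

Writing the trimmed content back with `cat` rather than `mv` leaves the original file in place, so its ownership and permissions are unchanged.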
