Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

errpt - no new entries

Status
Not open for further replies.
DebiJo

DebiJo

Technical User
Apr 30, 2002
363
US
Starting a few days ago, my errpt seems to have gone back in time. There are no new entries since 12/03/03. Which is real unusal being that these should have been deleted months ago. In crontab I have the errclear command with S,0 30 and H 90. The /var/adm/ras/errlog file has today's date, like it's been modifed today. The system date is correct.

Why am I not getting any new errpt entries. All was fine until just a few days ago. Any ideas?

Thanks in advance,
Debi
 
Sort by date Sort by votes
The errdemon could be down.

ps -uroot | grep errdemon

"/usr/lib/errdemon" will restart it.

If it's running, or you've just restarted it, you can use errlogger to force an entry to test it:

errlogger "this is only a test"







Rod Knowlton
IBM Certified Advanced Technical Expert pSeries and AIX 5L

 
Upvote 0 Downvote
Thanks, I have been trying a few things since my post. The errdemon is up and running. Errorlogger did write a message. But I know there were entries since December. And the December entries should be long gone. So, something is not working.

Thanks again,
Debi
AIX V5.1
 
Upvote 0 Downvote
If you're 100% sure the December entries were gone, this might be a bad restore of some sort. Does anyone else (that might have done something) have root privileges on the machine?

I'd say check to be sure your errpt isn't aliased to point to some other file, but if that were the case you wouldn't have seen your errlogger message.

Not to be an alarmist, but error log manipulation is also something a rootkit would attempt, so you should be aware of that.

For now, I'd back up the current log, zero it completely, and add a daily errlogger entry to your root crontab as a "heartbeat".

If the Trusted Computing Base is installed, you can do a "tcbck -n" to see what errors it finds without attempting to fix them. Otherwise, if you have access to a system at the same oslevel, you can compare md5 checksums of the binaries related to error logging.


Rod Knowlton
IBM Certified Advanced Technical Expert pSeries and AIX 5L

 
Upvote 0 Downvote
Well, I did a restore and I feel much better now. The 12/03 entries were still there in June when I had newer entries as well. I've just got to figure out why I don't appear to be getting many new entries. I used to get entries for reboots and when errorlogging when off and on and other such stuff, they just aren't showing up anymore. At least I got these kind of messages on my old 4.3.2 box. Is there settings for that kind of stuff somewhere? I thought they were appearing on this new box, but I could be confused. :)

Thanks again,
Debi
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

A
  • Locked
  • Question
Adding Existing LUN to New LPAR AIX
Replies
0
Views
404
Alvinghost
A
E
  • Locked
  • Question
AIX Power5 on 5.3- On varyonvg error "cannot be varied on because no good copies of the descriptor area"
Replies
1
Views
474
JenLM
J
Gab_aix
  • Locked
  • Question
mkuser not working
Replies
1
Views
286
TSch
TSch
tmpmoa
  • Locked
  • Question
Could not load program git-remote-http in AIX
Replies
0
Views
153
tmpmoa
tmpmoa
Prince26
  • Locked
  • Question
Not able to send mail from AIX server 1
Replies
1
Views
278
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top