Restart Syslog

In this example, if the system messages file is not being updated, we automatically restart syslog.

For unknown reasons, on our SUSE Linux systems (versions 9.3 and earlier), syslog is prone to hang, or stop.  This is indicated when the /var/log/messages file stops updating.  We have another PIKT script, FileUpdates, that has been warning us of the syslog hangs, but we grew tired of having to do the syslog restart manually.  Hence this special restart syslog script.

The RestartSyslog script might send an alert message like the following: 

                                PIKT ALERT
                         Fri Dec  2 09:28:06 2005
                                  athens

URGENT:
    RestartSyslog
        If the system messages file is not being updated, restart syslog

        /var/log/messages is outdated, is 37118 seconds old
        restarted syslog

RestartSyslog makes reference to the =fileages_obj macro, which resolves to the name of the FileAges.obj file.  The script follows. 

RestartSyslog

        init
                status =piktstatus
                level =piktlevel
                task "If the system messages file is not being updated, restart syslog"
                input file "=fileages_obj"
                dat $name    1
                dat #maxdays 2
                dat #maxsecs 3

        rule    // bypass all files except the system messages file
                if $name ne "/var/log/messages"
                        next
                endif

        rule    // we have the system messages file, so proceed
                set #maxage = #maxdays * =secs_in_day + #maxsecs
                set $ll = $command("=ll $name")
                =set_lineage($ll)
#ifdef test
                if #lineage > 10        // if messages is more than 10 seconds old
#elsedef
                if #lineage > #maxage
#endifdef
                        output mail "$name is outdated, is $text(#lineage) seconds old"
                        =execwait "/etc/init.d/syslog restart"
                        output mail "restarted syslog"
                endif
                quit    // don't bother to process other files

A simpler version of the script (one that doesn't make reference to the fileage parameters in FileAges.obj) might look like the following: 

RestartSyslog

        init
                status =piktstatus
                level =piktlevel
                task "If the system messages file is not being updated, restart syslog"

        end
                set $ll = $command("=ll /var/log/messages")
                =set_lineage($ll)
                if #lineage > 10800     // if messages is more than 10800 seconds
	                                // (3 hours) old
                        output mail "/var/log/messages is outdated,
	                             is $text(#lineage) seconds old"
                        =execwait "/etc/init.d/syslog restart"
                        output mail "restarted syslog"
                endif

Whichever you prefer, either script does the trick.

For more examples, see Samples.

 
Home | FAQ | News | Intro | Samples | Tutorial | Reference | Software
Developer's Notes | Licensing | Authors | Pikt-Users | Pikt-Workers | Related Projects | Site Index | Privacy Policy | Contact Us
Page best viewed at 1024x768 or greater.   Page last updated 2018-01-02.   This site is PIKT® powered.
Copyright © 1998-2018 Robert Osterlund. All rights reserved.
Home FAQ News Intro Samples Tutorial Reference Software
PIKT Logo
PIKT Page Title
Learn new
techniques to
scan multiple
log files