Two of your answers lie in tuning your syslog daemon to only log what you want. Its configuration is usually located in /etc/syslog.conf or /etc/rsyslog.d/*.conf.

The third relies on Google-fu.

On Tue, Sep 4, 2012 at 10:12 AM, <joe@actionline.com> wrote:

Thanks Rusty ... here's some more details:

> Unfortunately, once you've deleted /var/log/messages and /var/log/syslog
> (and /var/log/kern*) any chance of knowing what happened is probably lost,
> because those logs contained the spewing that was either the cause of the
> failure, or the information about the failure.

Fortunately, I did not delete all the messages and I still have them from
mid-August forward. The number of entries is huge: 395,450 entries in
/var/log/messages for two days (Sept 2nd through 3rd). I shut the system
down last night about 8 pm to stop it from posting more error messages,
then restarted it this morning, Sept 4.

In the first 1.5 hours, it added 682 new entries to messages that I posted
at this link:

http://www.upquick.com/temp/messagesSep4.txt

Here are the current 'df' results:
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1              12G  9.8G  1.5G  88% /
tmpfs                 473M     0  473M   0% /dev/shm
/dev/sda6             168G   23G  145G  14% /home


So, how can I find out what all these error messages mean and what changes
I need to make to stop this huge ongoing posting of error messages?

Also, since /var/log/messages and /var/log/syslog seem to be redundant,
can I safely delete one or the other (and which)?






--
James McPhee
jmcphe@gmail.com
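
An added example, not part of either post: before tuning the syslog daemon, it helps to know which program is producing the flood. The script below ranks senders and repeated message patterns in a traditional-format syslog file; the sample lines and the names exampled and exampledrv are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in traditional syslog format (not from the poster's log).
sample_log() {
cat <<'EOF'
Sep  4 08:00:01 host1 kernel: [  101.100] exampledrv: reset on port 1
Sep  4 08:00:02 host1 kernel: [  102.200] exampledrv: reset on port 2
Sep  4 08:00:02 host1 exampled[2211]: retry 17 failed
Sep  4 08:00:03 host1 kernel: [  103.300] exampledrv: reset on port 1
Sep  4 08:00:04 host1 exampled[2211]: retry 18 failed
Sep  4 08:00:05 host1 crond[900]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Count lines per program tag (field 5, with "[pid]" and ":" stripped),
# busiest sender first.
top_talkers() {
    awk '{ tag = $5; sub(/\[[0-9]+\]:?$/, "", tag); sub(/:$/, "", tag); n[tag]++ }
         END { for (t in n) print n[t], t }' | sort -k1,1nr -k2,2
}

# Collapse each message to a pattern by replacing digit runs with N,
# so thousands of near-identical lines count as one entry.
top_patterns() {
    awk '{ tag = $5; sub(/\[[0-9]+\]:?$/, "", tag); sub(/:$/, "", tag)
           msg = ""; for (i = 6; i <= NF; i++) msg = msg " " $i
           gsub(/[0-9]+/, "N", msg); n[tag ":" msg]++ }
         END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Demo on the constructed sample. On a real system:
#   top_talkers < /var/log/messages | head
#   top_patterns < /var/log/messages | head
sample_log | top_talkers
sample_log | top_patterns
```

The tag and pattern at the top of each list identify what a filter in /etc/syslog.conf or /etc/rsyslog.d/*.conf would need to target, and give a concrete string to search for.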