The /var/adm/messages is the file to which all the messages printed on the console are logged to by the Operating System. This helps to track back check the console messages to troubleshoot any issues on the system.
Syslog daemon also writes to this /var/adm/messages file.
The /var/adm/messages file monitored and managed by newsyslog and its configuration file is /usr/lib/newsyslog
click here for a sample view of the newsyslog file.
This script runs as the roots cron job everyday, checks the /var/adm/messages file and copies/moves it to /var/adm/messages.0,1,2,3,4,5,6,7. In other words, it does the Log Rotation for the /var/adm/messages.
In an event the /var file system is running out of space, these files needs to checked and can be removed (not the actual /var/adm/messages itself) to free up space on the file system.
However, care has to be taken, if you decide to empty the /var/adm/messages itself for any reason. This process is called Truncation.
Truncate /var/adm/messages
The best way to truncate the /var/adm/messages is as follows:
- cp /var/adm/messages /var/adm/messages.bak
- cp /dev/null /var/adm/messages
NOTE: >/var/adm/messages does the same as what the Step 2 does.
To explain, all you do is to copy the contents of the existing /var/adm/messages to a new file say /var/adm/messages.bak and then empty the contents of messages by overwriting it with /dev/null which is empty. This will allow syslog to still continue writing to /var/adm/messages file.
There is another way to do it but is not as graceful to syslog as the previous one wherein you move the current /var/adm/messages file to a new one say /var/adm/messages.bak. When this happens, the /var/adm/messages no longer exists and this troubles syslog wherein you need to re-initialize the syslogd again. Not sure why, if you check the /usr/lib/newsyslog, Solaris follows this procedure than the safer earlier one.
To perform this operation:
- mv /var/adm/messages /var/adm/messages.bak
- touch /var/adm/messages
- kill –1 `cat /etc/syslog.pid`
If you do not want Solaris to do the Log rotate and use a tool logrotate then you may do so by simply disabling the newsyslog from the roots cron and add your logrotate tool to do the job.
Hi this is santhosh here the info here is very much useful to me as am new to sys admin