Day: 27/08/2010

Various Files in /var


*) Various Files in /var:

1) /var/adm/lastlog : This file contains information about users’ last login times.

2) /var/adm/loginlog: After five unsuccessful login attempts (the number can be changed), all the attempts are logged in this file.

3) /var/adm/sulog: This file contains a history of su command usage. As a security measure, this file should not be readable by others. Truncate the /var/adm/sulog file periodically to keep the size of the file within a reasonable limit. The /usr/sbin/cron, the /sbin/rc0, or the /sbin/rc2 command can be used to clean up the sulog file. You can add the appropriate commands to the /var/spool/cron/crontabs/root file or add shell commands to directories such as /etc/rc2.d, /etc/rc3.d, and so on. The following two-line script truncates the log file and saves only its last 50 lines:

tail -50 /var/adm/sulog > /var/tmp/sulog
mv /var/tmp/sulog /var/adm/sulog

4) /var/adm/syslog: This file is the SCOadmin event log file.

Note: scoadmin is a command line utility that invokes SCOadmin management applications or configures their placement in the SCOadmin hierarchy. When invoked without arguments, scoadmin invokes the SCOadmin launcher, a menu interface that allows managers to be selected from a list. scoadmin can also be used to invoke individual SCOadmin applications. (The behavior of scoadmin is identical in the character and graphical environments.) SCOadmin consists of a management hierarchy with applications (objects) grouped in folders. The structure, format and content of the SCOadmin framework is described in scoadmin

5) /var/adm/utmp: This file contains the information accessed with the who command, and also the current system state.

6) /var/adm/utmpx: This file contains information similar to that in the /var/adm/utmp file, along with a record of the remote host.

7) /var/adm/wtmp: This file contains a history of system logins. The owner and group of this file must be adm, and the access permissions must be 664. Whenever login is used, this file is updated. As the system is accessed, this file increases in size. Periodically clear or truncate this file. The command >/var/adm/wtmp, when executed by root, creates the file with nothing in it. The following two-line script limits the size of /var/adm/wtmp to the last 3600 characters in the file:

tail -3600c /var/adm/wtmp > /var/tmp/wtmp
mv /var/tmp/wtmp /var/adm/wtmp

The /usr/sbin/cron, /sbin/rc0, or /sbin/rc2 command can be used to clean up the wtmp file. You can add the appropriate commands to the /var/spool/cron/crontabs/root file or add shell commands to directories such as /etc/rc2.d, /etc/rc3.d, and so on.

8) /var/adm/wtmpx: This file contains information similar to that in the /var/adm/wtmp file, along with a record of the remote host.

9) /var/adm/log/osmlog: This file contains console messages.

10) /var/cron/log: This file contains a history of all actions taken by /usr/sbin/cron. Truncate the /var/cron/log file periodically to keep the size of the file within a reasonable limit. The /usr/sbin/cron, /sbin/rc0, or /sbin/rc2 command can be used to clean up the /var/cron/log file. You can add the appropriate commands to the /var/spool/cron/crontabs/root file or add shell commands in the following directories (as applicable): /etc/rc2.d, /etc/rc3.d, and so on.

The following two-line script limits the size of the log file to the last 100 lines in the file:

tail -100 /var/cron/log > /var/tmp/log
mv /var/tmp/log /var/cron/log

11) /var/adm/shut.log : This file contains information about lp shutdowns.

12) /var/adm/metreg.data : This file is a registration file for kernel metrics. It is created during system boot and is used by (3mas) library routines, and by sar and rtpm.

13) /var/adm/ftp.pids-all: This file contains the process IDs of the ftp servers running on the system.

14) /var/adm/dinit.log : This file contains information about lp scheduling.
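
The two-line scripts under items 3, 7 and 10 replace the log with a new file created in /var/tmp, so the log can end up with root's default owner and mode instead of the ones required above (sulog not readable by others, wtmp owned by adm with mode 664). The function below is an added example, not part of the original post, that trims a log in place so the ownership and permissions are kept. It assumes a POSIX shell and tail and the mktemp(1) utility; trim_log and the tl_* variables are names chosen for this example.

```shell
#!/bin/sh
# trim_log FILE COUNT [UNIT] -- keep only the tail of a log, in place.
#   UNIT is "l" for lines (default) or "c" for bytes, like tail -50 / tail -3600c.
# Assumes a POSIX shell and tail, plus mktemp(1); trim_log and tl_* are names
# chosen for this example.
trim_log() {
    tl_file=$1
    tl_count=$2
    tl_unit=${3:-l}

    # Refuse symlinks and anything that is not a regular file.
    [ -f "$tl_file" ] && [ ! -L "$tl_file" ] || {
        echo "trim_log: $tl_file: not a regular file" >&2
        return 1
    }
    case $tl_count in
        ''|*[!0-9]*) echo "trim_log: bad count: $tl_count" >&2; return 2 ;;
    esac
    case $tl_unit in
        l|c) ;;
        *) echo "trim_log: bad unit: $tl_unit" >&2; return 2 ;;
    esac

    # mktemp creates an unpredictable, mode-600 file next to the log, so the
    # copy never sits world-readable under a fixed name in /var/tmp.
    tl_tmp=$(mktemp "${tl_file}.trim.XXXXXX") || return 1

    if [ "$tl_unit" = c ]; then
        tail -c "$tl_count" "$tl_file" > "$tl_tmp"
    else
        tail -n "$tl_count" "$tl_file" > "$tl_tmp"
    fi || { rm -f "$tl_tmp"; return 1; }

    # Write back into the existing file instead of mv: same inode, so owner,
    # group and mode (for example adm/adm 664 on wtmp) stay as they were.
    # Entries appended between the tail and this copy are lost, so run it
    # when the system is quiet.
    tl_status=0
    cat "$tl_tmp" > "$tl_file" || tl_status=$?
    rm -f "$tl_tmp"
    return "$tl_status"
}

# Usage, as root, matching the sizes used in the text above:
#   trim_log /var/adm/sulog 50
#   trim_log /var/adm/wtmp 3600 c
#   trim_log /var/cron/log 100
```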

** Veritas Cluster Server System Log: /var/VRTSvcs/log/engine_A.log