Plain & simple:

/var/log/messages shows useless WARNING messages on some of our servers.

Monitoring server Sends email with notifications of said useless WARNINGs.

This causes much Grrr in the noc, as we've been going in and editing the file with vi, hoping to change WARNING to warning and save the file before anything else writes to it.

I've tried executing the following command

sed s/WARNING/warning/g /var/log/messages > /var/log/messages.tmp && mv /var/log/messages.tmp /var/log/messages

It worked as expected, but didn't complain

Some one else tried writing a perl script which basically did the same thing, but would sporadically truncate the file (even worse)

Is there a way that I can tell if syslogng is writing to the file while sed & mv are getting rid of the uglies?

Too tired to give a detailed explanation but two things come to mind:
1) Configure /etc/syslog.conf to not put the WARNING level messages in /var/log/messages
or
2) syslogd can be sent a signal with the kill command to facilitate mucking with the log file while syslogd may write to it.

Trying to edit the file by overwriting it is poor form.

uh... thanks for your quick response. Obviously the first suggestion is out of the question, and second one is somewhat closer. This project is for nought without an automated process.

Still searching

Don't discount syslogd.conf out of hand unless you really understand what it is capable of.

You aren't the first administrator to aim scripts at the log files. syslogd is heavily designed for just such manipulations. Both in the conf file and in the acrobatics the running daemon is capable of via signals.