To configure syslog on UNIX/Solaris, perform the following steps:
- As root, on SunOS, AIX, HPUX, or Solaris, back up the /etc/syslog.conf file before modifying it.
- Modify /etc/syslog.conf to tell the UNIX system how to sort out the syslog messages coming in from the sending devices, that is, which logging_facility.level goes in which file. Make sure that there is a tab between the logging_facility.level and file_name.
- Make sure the destination file exists and is writable.
- The #Comment section at the beginning of syslog.conf usually explains the syntax for the UNIX system. Alternatively, you can read the man page of syslogd with man syslogd.
- Do not put file information in the ifdef section.
- As root, restart syslogd to pick up the changes.
- In "/etc/syslog.conf", set "local7.debug /var/log/local7.debug", with a tab between the two fields.
- The debug, informational, notification, warning, error, critical, alert, and emergency messages coming in on the local7 logging facility will be logged to the local7.debug file.
- To set up a syslog server on a Linux machine (e.g. Debian), only one thing needs to be done:
- in /etc/init.d/sysklogd, edit the SYSLOGD line to add the -r option (SYSLOGD="-r"), then restart the syslog daemon.
- If point 8 does not apply on Solaris, issue: svccfg -s /system/system-log setprop config/log_from_remote=true
- svcadm restart svc:/system/system-log
Here is the config:
root@Solaris#more /etc/syslog.conf
#
# Copyright (c) 2000-2002 by Sun Microsystems, Inc.
# All rights reserved.
#
#ident "@(#)syslog.conf 2.3 02/02/21 SMI"
#
# This "syslog.conf" file was installed by JASS. This
# file should be used to log information both locally as
# well as to a centralized log server (or servers) so that
# proactive log analysis can be done.
*.err;kern.notice;auth.notice /dev/console
*.alert root
*.emerg *
*.debug /var/adm/messages
# *.debug @loghost1
# *.debug @loghost2
# Added for Cisco Syslog Analyzer (begin)
local7.info /var/log/syslog_info
# Added for Cisco Syslog Analyzer (end)
root@Solaris#
root@Solaris#ps -ef | grep syslog
root 21285 1 0 15:57:01 ? 0:01 /usr/sbin/syslogd
rs008327 21491 21480 0 09:01:04 pts/1 0:00 grep syslog
root@Solaris#
root@Solaris#svcs -a | grep system-log
online 15:57:01 svc:/system/system-log:default
root@Solaris#
root@Solaris#more /var/log/syslog_info
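
A pre-restart check for the steps above, as an added example that is not part of the original post: the hypothetical shell function lint_syslog_conf flags lines whose selector and action are not separated by a tab, and file destinations that do not exist or are not writable. The sample configuration is constructed in a temporary directory.

```shell
#!/bin/sh
# lint_syslog_conf FILE (hypothetical helper, not a system tool):
# prints one finding per problem line; returns 1 if anything was found.
lint_syslog_conf() {
    conf=$1 rc=0 n=0
    tab=$(printf '\t')
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;            # blank lines and comments
        esac
        case $line in
            *"$tab"*) ;;
            *) echo "$n: no tab between selector and action"; rc=1; continue ;;
        esac
        selector=${line%%"$tab"*}           # text before the first tab
        action=${line##*"$tab"}             # text after the last tab
        case $selector in
            *' '*) echo "$n: space inside selector field"; rc=1 ;;
        esac
        case $action in
            /*) # file destination: syslogd will not create it for you
                if [ ! -e "$action" ]; then
                    echo "$n: $action does not exist"; rc=1
                elif [ ! -w "$action" ]; then
                    echo "$n: $action is not writable"; rc=1
                fi ;;
        esac
    done < "$conf"
    return $rc
}

# Constructed sample: line 1 is valid, line 2 uses a space instead of a tab,
# line 3 points at a file that was never created.
run_demo() {
    d=$(mktemp -d) && : > "$d/local7.debug"
    printf 'local7.debug\t%s\n' "$d/local7.debug"  > "$d/syslog.conf"
    printf 'local7.info %s\n'   "$d/local7.debug" >> "$d/syslog.conf"
    printf 'auth.notice\t%s\n'  "$d/missing.log"  >> "$d/syslog.conf"
    lint_syslog_conf "$d/syslog.conf" && demo_rc=0 || demo_rc=$?
    rm -rf "$d"
    return $demo_rc
}
run_demo || echo "fix the findings above before restarting syslogd"
```

A line that fails either check produces no log entries and no error at restart, so run the check against the edited file before restarting syslogd.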