
aix:syslog_conf

This is an old revision of the document!


Syslog

Besides the AIX error log (errlog, read with errpt), you can activate the syslog daemon to collect additional system logs. Its log files are in plain-text format.

Add the following lines in /etc/syslog.conf

[aix-srv@root] /root# cat /etc/syslog.conf
# Each "*.level" selector matches that level and every more severe one, so an
# emerg message is written to all eight files and debug.log receives everything.
# NOTE(review): 100k x 4 files is very little history for info.log and debug.log
# on a busy host -- size the rotation to the retention needed for investigations.
*.emerg /var/log/syslog/emerg.log rotate size 100k files 4 compress
*.alert /var/log/syslog/alert.log rotate size 100k files 4 compress
*.crit /var/log/syslog/crit.log rotate size 100k files 4 compress
*.err /var/log/syslog/error.log rotate size 100k files 4 compress
*.warning /var/log/syslog/warning.log rotate size 100k files 4 compress
*.notice /var/log/syslog/notice.log rotate size 100k files 4 compress
*.info /var/log/syslog/info.log rotate size 100k files 4 compress
*.debug /var/log/syslog/debug.log rotate size 100k files 4 compress

To log only login information (telnet, ssh, console…), add the following lines to /etc/ssh/sshd_config:

# AUTH and INFO are the OpenSSH defaults; setting them explicitly documents the intent
# and protects against a changed default. LogLevel VERBOSE would additionally record
# the fingerprint of the key used for each public-key login.
SyslogFacility AUTH
LogLevel INFO

And add the following line in syslog.conf:

# auth.log receives login successes and failures (user names, source addresses):
# create the file with root-only permissions before restarting syslogd.
# NOTE(review): confirm that this syslogd accepts the "authpriv" facility name -- TODO verify on the target AIX level.
auth,authpriv.debug /var/log/syslog/auth.log rotate size 500k files 4 compress

Rotate based on time (1 week):

*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages rotate time 1w files 5

Create empty log files; syslogd will not create them automatically:

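[aix-srv@root] /root# mkdir -p /var/log/syslog
[aix-srv@root] /root# umask 077
[aix-srv@root] /root# awk '!/^#/ && $2 ~ /^\// {print $2}' /etc/syslog.conf | while read -r file
do
# Only absolute paths are kept: the "@host", "*" and user-name destinations of
# syslog.conf are not files, and an unquoted "*" would make touch change the
# modification time of every file in the current directory.
# umask 077 (set above, stays in effect for this shell session) makes the newly
# created log files readable by root only; existing files keep their permissions.
touch "$file"
done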

Uncomment the entry for syslogd in /etc/rc.tcpip, or use the following command; then restart syslogd:

[aix-srv@root] /root# chrctcp -S -a syslogd
[aix-srv@root] /root# stopsrc -s syslogd; startsrc -s syslogd
[aix-srv@root] /root# lssrc -ls syslogd
Subsystem         Group            PID          Status
 syslogd          ras              3997822      active
Syslogd Config   aso.notice /var/log/aso/aso.log rotate size 128k time 7d
Syslogd Config   aso.info /var/log/aso/aso_process.log rotate size 1024k
Syslogd Config   aso.debug /var/log/aso/aso_debug.log rotate size 8m compress
Syslogd Config   *.emerg /var/log/syslog/emerg.log rotate size 100k files 4 compr
Syslogd Config   *.alert /var/log/syslog/alert.log rotate size 100k files 4 compr
....
[aix-srv@root] /root# logger -p daemon.err "test"
[aix-srv@root] /root# tail -5 /var/log/syslog/error.log
....
Mar  8 09:31:04 nim daemon:panic|emerg root: test

Other parameters available: redirect debug to a syslog server, redirect emerg to the console for all logged in users, redirect err to the root console:

[aix-srv@root] /root# cat /etc/syslog.conf
# "@host" forwards to a remote syslog server. *.debug matches every level, so all
# messages -- authentication events included -- leave the machine.
# NOTE(review): classic syslogd forwarding is plain UDP, with no encryption and no
# delivery guarantee; keep this traffic on a trusted management network.
*.debug   @syslogserver
# "*" sends the message to all logged-in users.
*.emerg   *
# A user name sends the message to that user (here root) when logged in.
*.err     root

AIX error report test:

[aix-srv@root] /root# errlogger "This is a test"
[aix-srv@root] /root# errpt
IDENTIFIER TIMESTAMP  T C RESOURCE_NAME  DESCRIPTION
AA8AB241   0308094013 T O OPERATOR       OPERATOR NOTIFICATION

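To prevent other servers from sending messages to the local syslog daemon, use the “-r” option: on AIX it makes syslogd suppress logging of messages received from remote hosts (the opposite of the -r flag of Linux sysklogd, which enables remote reception). The local server can still send its own syslog information to another server. Change the syslogd entry in /etc/rc.tcpip: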

start /usr/sbin/syslogd "$src_running" "-r"

To start syslog with option -r, use the following command:

[aix-srv@root] /root# startsrc -s syslogd -a "-r"
[aix-srv@root] /root# ps -ef | grep syslog
    root 6029434 3277000   0 11:26:43      -  0:00 /usr/sbin/syslogd -r
[aix-srv@root] /root# lssrc -ls syslogd
Subsystem         Group            PID          Status
 syslogd          ras              6029434      active
Syslogd Config   aso.notice /var/log/aso/aso.log rotate size 128k time 7d
Syslogd Config   aso.info /var/log/aso/aso_process.log rotate size 1024k
Syslogd Config   *.emerg /var/log/syslog/emerg.log rotate size 100k files 4 compr
Syslogd Config   *.alert /var/log/syslog/alert.log rotate size 100k files 4 compr
Syslogd Config   *.crit /var/log/syslog/crit.log rotate size 100k files 4 compres
Syslogd Config   *.err /var/log/syslog/error.log rotate size 100k files 4 compres
Syslogd Config   *.warning /var/log/syslog/warning.log rotate size 100k files 4 c
Syslogd Config   *.notice /var/log/syslog/notice.log rotate size 100k files 4 com
Syslogd Config   *.info /var/log/syslog/info.log rotate size 100k files 4 compres
Syslogd Config   *.debug /var/log/syslog/debug.log rotate size 100k files 4 compr
Syslogd Config   mail.debug /var/log/syslog/mail.log rotate size 100k files 4 com
Syslogd Config   auth.info /var/log/syslog/ssh.log rotate size 300k files 4 compr

Redirect the error log to syslog

Create an ODM entry to run the “logger” command whenever an error is logged.

[aix-srv@root] /root# vi /tmp/syslog.add
errnotify:
  en_name="syslog1"
  en_persistenceflg = 1
  en_method = "logger -p err Msg from Error Log: $(errpt -a -l $1 | grep -v 'ERROR_ID TIMESTAMP')"

Add the entry to ODM

[aix-srv@root] /root# odmadd /tmp/syslog.add

Add a syslog entry to forward “err” priority messages to syslog

[aix-srv@root] /root# vi /etc/syslog.conf
*.err @syslogserver

Refresh the syslog daemon to pick up the new entry

[aix-srv@root] /root# refresh -s syslogd

To reduce the line length in the syslog output, use this instead:

en_method = "logger -p err AIXErrptLog: $(errpt -a -l $1 | grep -v '\\--------')"

Syslog-ng

# cat /etc/syslog-ng/syslog-ng.conf
@version:3.2
@include "scl.conf"
# sample configuration file for syslog-ng on AIX
# users should customize to fit their needs
#

# log syslog-ng's own messages to /var/log/syslog-ng.log

# File sources: syslog-ng reads these files and turns each new line into a message.
# NOTE(review): the syslog-ng process needs read access to every path listed here --
# presumably it runs as root on this host; confirm before tightening file permissions.

# Two files of the "apexd" Oracle instance (alert log and an audit file, judging by the names).
source s_oracle_apexd {
        file ("/oracle/diag/rdbms/apexd/apexd/trace/alert_apexd.log");
        file ("/oradata/apexd/log/adump/syslog_sys_audit.txt");
};

# Alert log of the "rmancat" Oracle instance.
source s_oracle_rmancat {
        file ("/oracle/diag/rdbms/rmancat/rmancat/trace/alert_rmancat.log");
};

# presumably the AIX audit subsystem's stream-mode output -- verify against the audit configuration
source s_root_audit {
        file ("/audit/stream.out");
};

# Re-reads log files that are written locally. /var/log/messages is also the target of
# d_messages in this file, so local messages are written there and then read back here.
# The /var/log/syslog/*.log paths match the native syslogd examples earlier on this page.
source s_oracle_msg {
        file ("/var/log/messages");
        file ("/var/log/syslog/warning.log");
        file ("/var/log/syslog/ftp_logging.log");
        file ("/var/log/syslog/auth.log");
};

# NOTE(review): /dev/log is also opened by s_local and internal() also appears in
# s_internal further down -- confirm syslog-ng accepts the duplicates and that messages
# are not split between the two sources.
source s_oracle_sys {
    unix-dgram("/dev/log");
    internal();
};

# Remote destinations on the collector 10.10.10.10.
# NOTE(review): udp() sends every message unencrypted and without delivery guarantee,
# and d_root_audit carries the audit stream. Prefer the tcp() form kept below as a
# comment, with TLS if this syslog-ng build supports it, or restrict the traffic to a
# trusted management network.
#       tcp ("10.10.10.10" port(514));
# NOTE(review): the template has a space between <$PRI> and $DATE, whereas the BSD
# syslog format puts the timestamp directly after the priority -- confirm the collector
# parses it. The literal "apexd" takes the place of the program name.
destination d_oracle_apexd {
        udp ("10.10.10.10" port(514) template("<$PRI> $DATE $HOST apexd $MSG\n"));
};

# Same template, tagged "rmancat".
destination d_oracle_rmancat {
        udp ("10.10.10.10" port(514) template("<$PRI> $DATE $HOST rmancat $MSG\n"));
};

# Audit records are forwarded with the default message format (no template).
destination d_root_audit {
        udp("10.10.10.10" port(514));
};

# syslog-ng's own messages (internal()) go to /var/log/syslog-ng.log.
source s_internal {
        internal();
};

# 0640 root:adm -- readable by the adm group, not by other users.
destination d_syslognglog {
        file("/var/log/syslog-ng.log" owner("root") group("adm") perm(0640));
};

log {
        source(s_internal);
        destination(d_syslognglog);
};

# log everything to /var/log/messages

source s_local {
        unix-dgram("/dev/log");
};

# Same ownership and mode as the syslog-ng log: root:adm, 0640.
destination d_messages {
        file("/var/log/messages" owner("root") group("adm") perm(0640));
};

# No filter: every message received on /dev/log is written to /var/log/messages.
log {
        source(s_local);
        destination(d_messages);
};

# Second collector, at a different address than the 10.10.10.10 destinations above;
# plain UDP as well, so the same confidentiality and loss caveats apply.
destination d_oracle_sys { udp("172.21.160.239" port(514)); };

# Remote logging
#
# Disabled example that would turn this host into a log collector.
# NOTE(review): before enabling it, be aware that ip(0.0.0.0) listens on every
# interface and that $HOST becomes a directory name under /var/log/syslog-ng/.
# Bind to the management address, restrict senders with a firewall, and make sure
# the host name is derived from the connection rather than taken from the message
# header (see the keep_hostname() option) -- TODO confirm for the installed version.
#
#source s_remote {
#       tcp(ip(0.0.0.0) port(514));
#       udp(ip(0.0.0.0) port(514));
#};
#
#destination d_separatedbyhosts {
#       file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
#};
#
#log {
#       source(s_remote);
#       destination(d_separatedbyhosts);
#};

#
# Local filters examples
#
# The commented filters below are inactive; only the four filters after them are defined.

#filter f_secure { facility(authpriv); };
#filter f_mail { facility(mail); };
#filter f_cron { facility(cron); };
#filter f_emerg { level(emerg); };
#filter f_spooler { level(crit..emerg) and facility(uucp, news); };
#filter f_local7 { facility(local7); };

# Active filters, used by the log statements that forward to d_oracle_sys.
# They overlap: f_messages (warning..emerg) also matches everything f_emergency matches,
# and any auth or kern message at warning or above matches two filters.
filter f_messages { level(warning..emerg); };
filter f_auth       { facility(auth,authpriv); };
filter f_emergency  { level(emerg); };
filter f_kernel     { facility(kern); };

#
# Local destination examples
#
# NOTE(review): these file() examples set no owner()/group()/perm(), unlike d_messages;
# add them before enabling, in particular for /var/log/secure.

#destination d_secure { file("/var/log/secure"); };
#destination d_maillog { file("/var/log/maillog"); };
#destination d_cron { file("/var/log/cron"); };
#destination d_console { usertty("root"); };
#destination d_spooler { file("/var/log/spooler"); };
#destination d_bootlog { file("/var/log/boot.log"); };

#
# Local log examples - order DOES matter !
#
# NOTE(review): these examples need the matching commented filters and destinations to
# be enabled too, and the d_maillog line refers to filter f_maillog while the filter
# example above is named f_mail -- rename one of them before uncommenting.
#log { source(s_local); filter(f_emerg); destination(d_console); };
#log { source(s_local); filter(f_secure); destination(d_secure); flags(final); };
#log { source(s_local); filter(f_maillog); destination(d_maillog); flags(final); };
#log { source(s_local); filter(f_cron); destination(d_cron); flags(final); };
#log { source(s_local); filter(f_spooler); destination(d_spooler); };
#log { source(s_local); filter(f_local7); destination(d_bootlog); };
#log { source(s_local); filter(f_messages); destination(d_messages); };


# Oracle instance logs -> collector 10.10.10.10, each with its own tagged template.
log { source(s_oracle_apexd); destination(d_oracle_apexd); };
log { source(s_oracle_rmancat); destination(d_oracle_rmancat); };

# Local system messages -> collector 172.21.160.239, one statement per filter.
# None of these statements sets flags(final), so a message that matches several filters
# (for example a kern message at warning level) is forwarded once per matching statement.
log { source(s_oracle_sys); filter(f_kernel); destination(d_oracle_sys); };
log { source(s_oracle_sys); filter(f_auth); destination(d_oracle_sys); };
log { source(s_oracle_sys); filter(f_emergency); destination(d_oracle_sys); };
log { source(s_oracle_sys); filter(f_messages); destination(d_oracle_sys); };

# Unfiltered: every line of the files in s_oracle_msg is forwarded, auth.log included.
# NOTE(review): /var/log/messages is written by the s_local -> d_messages path, so local
# messages can reach the collector again through this statement -- expect duplicates there.
log {
        source (s_oracle_msg);
        destination (d_oracle_sys);
};

# Audit stream -> 10.10.10.10 over plain UDP (see d_root_audit): records can be lost or
# read in transit, which matters for an audit trail.
log {
        source (s_root_audit);
        destination (d_root_audit);
};
aix/syslog_conf.1667822556.txt.gz · Last modified: 2022/11/07 13:02 by manu