Solaris System Logs
System logs are files that contain events recorded by the operating system: errors, warnings, device changes, hardware errors and more.
Solaris system logs are managed by the syslog facility. At the command prompt type:
bash-3.00# ps -ef | grep -i syslog
root 527 1 0 08:47:48 ? 0:26 /usr/sbin/syslogd
You can see that the syslog daemon (syslogd) is running with PID 527.
How does syslog work?
In Solaris a message is generated by the kernel, a daemon, an application, a user, etc. syslog sends the message to the syslogd daemon. syslogd runs the m4 macro processor, which reads /etc/syslog.conf, processes any m4 statements in it and passes the output back to syslogd; syslogd then uses that output to route messages (logs) to the appropriate places.
The main configuration file is /etc/syslog.conf.
Where does syslog store logs?
➊ remote host
➋ local file
➌ console
➍ specific users :- display a message (event) to the user.
Syslog configuration
A configuration entry in the /etc/syslog.conf file consists of two separated fields: selector and action.
The selector field has two components, facility and level, written as facility.level. The facility represents the process that generated the message; the level represents the priority and category of the message. For example, in "kern.err", kern is the facility and indicates messages generated by the kernel, and err is the priority of the message.
The following are the facility options in Solaris :-
Field | Description
kern | Messages generated by the kernel.
user | Messages generated by user processes.
mail | The mail system.
daemon | System daemons, such as the in.ftpd and the telnetd daemons.
auth | The authorization system, including the login, su, and ttymon commands.
syslog | Messages generated internally by the syslogd daemon.
lpr | The line printer spooling system.
cron | The cron and at facilities, including crontab, at, and cron.
* | All facilities, except the mark facility.
The following are the level options in Solaris :-
Level | Priority | Description
emerg | 0 | Panic conditions that are normally broadcast to all users
alert | 1 | Conditions that should be corrected immediately, such as a corrupted system database
crit | 2 | Warnings about critical conditions, such as hard device errors
err | 3 | Errors other than hard device errors
warning | 4 | Warning messages
notice | 5 | Non-error conditions that might require special handling
info | 6 | Informational messages
debug | 7 | Messages that are normally used only when debugging a program
none | 8 | Messages are not sent from the indicated facility to the selected file
Again, the general form of a syslog configuration entry is :- selector action
where the selector has the form :- facility.level
The action field defines where to forward the message; it can be one of the following :-
/pathname ➡ Full path name of the target file.
@host ➡ The @ sign denotes that messages must be forwarded to a remote host. Messages are forwarded to the syslogd daemon on the remote host.
user_name ➡ The user user_name receives the messages if they are logged in.
* ➡ All logged-in users receive the messages.
Example :-
We want to forward all messages of the daemon facility at notice level to the remote host server3.
bash-3.00# vi /etc/syslog.conf
#ident "@(#)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
*.alert;kern.err;daemon.err operator
*.alert root
*.emerg *
daemon.notice @server3
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
Add the line daemon.notice @server3 (the one highlighted in red above).
↪ Add the server3 IP address to the /etc/hosts file.
bash-3.00# vi /etc/hosts
# Internet host table
#
::1 localhost
127.0.0.1 localhost
10.109.9.251 solaris1 loghost
10.109.9.15 server3
Now any message of the daemon facility at notice level will be found on server3 in /var/adm/messages.
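As an added example (not from the original post), the following POSIX shell script checks a syslog.conf like the one above without touching a live system. It flags entries whose selector and action are separated by spaces instead of a tab (syslogd only accepts tabs between the two fields), simulates which actions a message of a given facility.level is routed to using the level-or-more-urgent rule that the priority numbers in the level table express, and confirms that every @host action has a matching name in an /etc/hosts style file. The sample syslog.conf and hosts files are constructed inline from the entries in this post plus two deliberately faulty lines; the function names (level_num, route, check_separators, check_hosts, report) are this example's own. It assumes only sh, grep, awk, sort and mktemp.

```shell
#!/bin/sh
# Added example (not part of the original post): an offline checker for
# Solaris-style /etc/syslog.conf entries. It
#   1. flags entries whose selector and action are separated by spaces rather
#      than a TAB (syslogd only accepts tabs between the two fields),
#   2. lists the actions a message of a given facility.level is routed to, and
#   3. confirms every @host action has an entry in the hosts file.
# The sample files below are constructed here; pass real paths to report() instead.

TAB=$(printf '\t')

# Priority number for a level name (0 = emerg ... 7 = debug, 8 = none; -1 = unknown).
level_num() {
    case "$1" in
        emerg) echo 0 ;;   alert) echo 1 ;;  crit) echo 2 ;;  err) echo 3 ;;
        warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;;  debug) echo 7 ;;
        none) echo 8 ;;    *) printf '%s\n' -1 ;;
    esac
}

# Configuration lines that are neither comments nor blank.
entries() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$'
}

# Check 1: print entries with no TAB separator; return 1 if any exist.
check_separators() {
    bad=$(entries "$1" | grep -v "$TAB")
    [ -z "$bad" ] && return 0
    printf 'no TAB separator: %s\n' "$bad"
    return 1
}

# Check 2: simulate routing of a FACILITY LEVEL message through CONF.
# A selector facility.level matches messages at that level or more urgent
# (lower number); the level "none" excludes the facility from that entry.
route() {
    fac=$1; lvl=$(level_num "$2")
    [ "$lvl" -ge 0 ] || { echo "unknown level: $2" >&2; return 1; }
    entries "$3" | while IFS="$TAB" read -r selector action; do
        matched=0; excluded=0
        set -f; old_ifs=$IFS; IFS=';'          # split on ';' without globbing '*'
        for sel in $selector; do
            sfac=${sel%.*}; slvl=${sel#*.}
            if [ "$sfac" = "$fac" ] || [ "$sfac" = '*' ]; then
                if [ "$slvl" = none ]; then excluded=1
                elif [ "$lvl" -le "$(level_num "$slvl")" ]; then matched=1
                fi
            fi
        done
        IFS=$old_ifs; set +f
        if [ "$matched" -eq 1 ] && [ "$excluded" -eq 0 ]; then printf '%s\n' "$action"; fi
    done
}

# Host names used by @host actions (last tab-separated field of each entry).
remote_hosts() {
    entries "$1" | awk -F"$TAB" '$NF ~ /^@/ { print substr($NF, 2) }' | sort -u
}

# Check 3: each remote host must appear as a name in HOSTS (an /etc/hosts
# style file). Prints the missing ones and returns 1 if any.
check_hosts() {
    missing=0
    for h in $(remote_hosts "$1"); do
        if ! awk -v h="$h" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
                            END { exit found ? 0 : 1 }' "$2"; then
            printf 'remote host not in hosts file: %s\n' "$h"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample files (not copied from a real system). The syslog.conf
# reproduces the post's entries and adds two faulty ones: a space-separated
# entry and a forward to a host that is missing from the hosts file.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_CONF=$SAMPLE_DIR/syslog.conf
SAMPLE_HOSTS=$SAMPLE_DIR/hosts
{
    printf '# constructed syslog.conf\n'
    printf '*.err;kern.notice;auth.notice\t/dev/sysmsg\n'
    printf '*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages\n'
    printf '*.alert;kern.err;daemon.err\toperator\n'
    printf '*.alert\troot\n'
    printf '*.emerg\t*\n'
    printf 'daemon.notice\t@server3\n'
    printf 'auth.info @server3\n'      # faulty: spaces instead of a TAB
    printf 'mail.crit\t@server4\n'     # faulty: server4 is not in the hosts file
} > "$SAMPLE_CONF"
{
    printf '# Internet host table\n'
    printf '::1\tlocalhost\n'
    printf '127.0.0.1\tlocalhost\n'
    printf '10.109.9.251\tsolaris1 loghost\n'
    printf '10.109.9.15\tserver3\n'
} > "$SAMPLE_HOSTS"

# Run all three checks against a syslog.conf and a hosts file.
report() {
    echo '== TAB separator check';      check_separators "$1" || :
    echo '== routes for daemon.notice'; route daemon notice "$1"
    echo '== remote host check';        check_hosts "$1" "$2" || :
}
report "$SAMPLE_CONF" "$SAMPLE_HOSTS"
```

Against the constructed sample, the report flags the space-separated auth.info line, shows that a daemon.notice message goes to both /var/adm/messages and @server3 (as the post's example intends), and reports server4 as missing from the hosts file. Replace the sample paths in the final report call with /etc/syslog.conf and /etc/hosts to run the same checks on a real configuration.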