--- Sjoerd Hooft's InFormation Technology ---

SYSLOG

Syslog Facility Levels

RFC 5424 defines eight severity levels:

| Code | Severity | Keyword | Description | General Description |
|------|----------|---------|-------------|---------------------|
| 0 | Emergency | emerg (panic) | System is unusable. | A “panic” condition usually affecting multiple apps/servers/sites. At this level it would usually notify all tech staff on call. |
| 1 | Alert | alert | Action must be taken immediately. | Should be corrected immediately, therefore notify staff who can fix the problem. An example would be the loss of a primary ISP connection. |
| 2 | Critical | crit | Critical conditions. | Should be corrected immediately, but indicates failure in a secondary system, an example is a loss of a backup ISP connection. |
| 3 | Error | err (error) | Error conditions. | Non-urgent failures, these should be relayed to developers or admins; each item must be resolved within a given time. |
| 4 | Warning | warning (warn) | Warning conditions. | Warning messages, not an error, but indication that an error will occur if action is not taken, e.g. file system 85% full - each item must be resolved within a given time. |
| 5 | Notice | notice | Normal but significant condition. | Events that are unusual but not error conditions - might be summarized in an email to developers or admins to spot potential problems - no immediate action required. |
| 6 | Informational | info | Informational messages. | Normal operational messages - may be harvested for reporting, measuring throughput, etc. - no action required. |
| 7 | Debug | debug | Debug-level messages. | Info useful to developers for debugging the application, not useful during operations. |

SLES 10 syslog ng

Source

To enable syslogging to a different log host edit this file:

OES:~ # vi /etc/syslog-ng/syslog-ng.conf.in

And add these lines to the bottom of the file:

destination loghost_udp {
        udp("10.10.10.11" port(514));
};
log {
        source(src);
        destination(loghost_udp);
};

Afterwards run these commands to activate the logging:

OES:~ # SuSEconfig --module syslog-ng
Starting SuSEconfig, the SuSE Configuration Tool...
Running module syslog-ng only
Reading /etc/sysconfig and updating the system...
Executing /sbin/conf.d/SuSEconfig.syslog-ng...
Checking //etc/syslog-ng/syslog-ng.conf.SuSEconfig file: ok
Finished.

OES:~ # /etc/init.d/syslog restart
Shutting down syslog services                                         done
Starting syslog services                                              done

STATS

Do you also get a lot of these messages?:

Syslog 	Syslog 	Notice 	OES syslog-ng[2435]: STATS: dropped 0  	14:19:30 May 19 2009
Syslog 	Syslog 	Notice 	OES syslog-ng[2435]: STATS: dropped 0 	13:19:29 May 19 2009
Syslog 	Syslog 	Notice 	OES syslog-ng[2435]: STATS: dropped 0 	12:19:29 May 19 2009
Syslog 	Syslog 	Notice 	OES syslog-ng[2435]: STATS: dropped 0 	11:19:29 May 19 2009

They mean that syslog hasn't dropped any message! Well, ain't that cool! But, I don't wanna know each hour. Once a day is good enough:

OES:~ # vi /etc/syslog-ng/syslog-ng.conf.in

And edit this line:

options { long_hostnames(off); sync(0); perm(0640); stats(86400); };

I changed the stats to 86400, which means once a day. It was 3600, which means once every hour.

Test message

To test syslogging you can use the logger command:

logger "Testmessage oesbox"

SLES 11

In SLES 11, the SuSEconfig script and its syslog-ng.conf.in configuration template aren't used any more. You can enter the changes above directly in the /etc/syslog-ng/syslog-ng.conf file.

AIX syslog

To enable syslogging on an AIX box and to forward all information to a particular syslog server edit the /etc/syslog.conf file and restart the syslog daemon:

vi /etc/syslog.conf

In this file you configure the logging in this format:

facility.priority destination
<facility> is:
       * - all (except mark)
       mark - time marks
       kern,user,mail,daemon, auth,... (see syslogd(AIX Commands Reference))

<priority> is one of (from high to low):
       emerg/panic,alert,crit,err(or),warn(ing),notice,info,debug
       (meaning all messages of this priority or higher)

<destination> is:
       /filename - log to this file
       username[,username2...] - write to user(s)
       @hostname - send to syslogd on this machine
       * - send to all logged in users

Example:

#user.info               /var/adm/log.log   rotate size 10m files 2 compress
#user.debug              /var/adm/log.dbg   rotate size 20m files 8 compress

Because I want to send all messages to a syslogd server, this is the line I need:

*.debug @syslogsrv.company.local

Then refresh the syslog daemon:

bash-3.2# refresh -s syslogd
0513-095 The request for subsystem refresh was completed successfully.

Solaris Syslog

The theory and file buildup is the same for Solaris and AIX. There is one difference, though: to restart the syslog service you'll have to issue this command:

sudo svcadm restart system-log

Note: Do not use spaces (not even one!) between the selector and action columns. Always use tabs or syslog will not read the configuration file correctly, resulting in errors like this:

syslogd: line xx: unknown priority name "debug                                      @loghost"
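
A pre-restart check for the tab rule above, as an added example that is not part of the original wiki page: the hypothetical function lint_syslog_conf flags lines whose selector and action are not tab-separated, or whose priority keyword is outside the list given in the AIX section (plus "none"). It assumes plain selector/action lines and does not interpret the m4 ifdef lines found in stock Solaris files; the sample input is constructed.

```sh
# lint_syslog_conf FILE: hypothetical helper, not a system tool.
# Prints one finding per bad line; returns 1 if anything was found.
lint_syslog_conf() {
    awk '
    BEGIN {
        # Priority keywords as listed in the AIX section, plus "none".
        n = split("emerg panic alert crit err error warn warning notice info debug none", p, " ")
        for (i = 1; i <= n; i++) ok[p[i]] = 1
    }
    /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
    {
        tab = index($0, "\t")      # the selector ends at the first TAB
        if (tab == 0) {
            printf "line %d: no tab between selector and action\n", NR
            bad = 1; next
        }
        sel = substr($0, 1, tab - 1)
        if (sel ~ / /) {
            printf "line %d: space inside selector field\n", NR
            bad = 1; next
        }
        # Several selectors can be joined with ";", e.g. *.err;kern.notice
        m = split(sel, parts, ";")
        for (i = 1; i <= m; i++) {
            dot = index(parts[i], ".")
            prio = substr(parts[i], dot + 1)
            if (dot == 0 || !(prio in ok)) {
                printf "line %d: bad selector \"%s\"\n", NR, parts[i]
                bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: line 2 uses spaces as in the error quoted above,
# line 3 has a misspelled priority keyword.
demo_conf=$(mktemp)
printf '*.err\t/var/adm/messages\n*.debug        @loghost\nmail.dbg\t@loghost\n' > "$demo_conf"
lint_syslog_conf "$demo_conf" || true
rm -f "$demo_conf"
```

Run it against the edited file before restarting system-log, so a line that syslogd would reject does not silently stop forwarding to the log host.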
syslog.txt · Last modified: 2021/09/24 00:25 (external edit)