Solaris, along with the majority of other flavors of UNIX, uses the syslogd process for its main system logging. It traps various events and forwards the system messages to a specified location, which can be a screen or a file, or even to a remote system, as dictated by the configuration file /etc/syslog.conf. The default configuration file is shown in Listing 9.1.

Listing 9.1 The Default System Logging Configuration File Supplied with the Solaris Operating Environment

    #ident "@(#)syslog.conf 1.5 99/02/03 SMI" /* SunOS 5.0 */
    #
    # Copyright (c) 1991-1999 by Sun Microsystems, Inc.
    # All rights reserved.
    #
    # syslog configuration file.
    #
    # This file is processed by m4 so be careful to quote (`') names
    # that match m4 reserved words. Also, within ifdef's, arguments
    # containing commas must be quoted.
    #
    *.err;kern.notice;auth.notice               /dev/sysmsg
    *.err;kern.debug;daemon.notice;mail.crit    /var/adm/messages
    *.alert;kern.err;daemon.err                 operator
    *.alert                                     root
    *.emerg                                     *
    # if a non-loghost machine chooses to have authentication messages
    # sent to the loghost machine, un-comment out the following line:
    #auth.notice            ifdef(`LOGHOST', /var/log/authlog, @loghost)
    mail.debug              ifdef(`LOGHOST', /var/log/syslog, @loghost)
    #
    # non-loghost machines will use the following lines to cause
    # log messages to be logged locally.
    #
    ifdef(`LOGHOST', ,
    user.err                                    /dev/sysmsg
    user.err                                    /var/adm/messages
    user.alert                                  `root, operator'
    user.emerg                                  *
    )

The system manager is responsible for ensuring that all system messages receive the attention they require, depending on their priority. The default configuration file logs a number of messages to the system console (/dev/sysmsg) and to the messages file in the directory /var/adm. Others are forwarded via email to the root and operator user accounts. A large number of companies let the standard system logging configuration run in its default form and do not amend it to suit their specific requirements.
There are potential disadvantages of logging too much information to the system console:
With a busy system, some discrimination of priorities is necessary; otherwise, the main messages file can become large very quickly. One approach is to configure the system logging by feature: for example, to log all messages relating to mail to a different log file, such as /var/log/mail.log; to log kernel-related messages to /var/log/kernel.log; to log authentication messages to /var/log/auth.log; and so on. This method of system logging can make monitoring the events more manageable while still logging only the highest-priority events in the system messages file. Syslog messages are classified into a series of levels. The following list details the levels in order from the highest level to the lowest.
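The per-feature layout described above, as an added example that is not part of the original text: a simplified Python model of selector matching, in which a selector takes its own level and every higher one, run over a constructed configuration that reuses the log file names from this section. It assumes the standard syslog level names and does not model m4 ifdef processing; the function names are hypothetical.

```python
# Added example: simplified model of syslog.conf selector matching.
# Standard syslog level names, highest priority first.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed configuration (not a shipped file) using the per-feature log
# names from the text. Real syslog.conf needs TABs between the two fields.
CONF = """\
mail.debug              /var/log/mail.log
kern.debug              /var/log/kernel.log
auth.notice             /var/log/auth.log
*.err;kern.notice       /var/adm/messages
*.emerg                 *
"""

def parse(conf):
    """Return [(selector pairs, action)] for each non-comment line."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        pairs = [tuple(s.rsplit(".", 1)) for s in selectors.split(";")]
        rules.append((pairs, action.strip()))
    return rules

def selected(pairs, facility, level):
    """True if a facility.level message passes this line's selectors."""
    threshold = None
    for fac, lvl in pairs:  # a later selector overrides an earlier one
        if fac == "*" or facility in fac.split(","):
            threshold = lvl
    if threshold in (None, "none"):
        return False
    # A selector matches its own level and every higher-priority level.
    return LEVELS.index(level) <= LEVELS.index(threshold)

def route(facility, level, conf=CONF):
    """List the actions that would receive a facility.level message."""
    return [a for pairs, a in parse(conf) if selected(pairs, facility, level)]

if __name__ == "__main__":
    for msg in [("mail", "info"), ("auth", "info"), ("kern", "notice"), ("auth", "emerg")]:
        print("%s.%s ->" % msg, route(*msg) or "not logged")
```

With this layout an auth.info message is recorded nowhere, which is the kind of gap worth checking before relying on the per-feature files for monitoring.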
It is important to note that when a level is inserted into the configuration file, messages for the selected level and higher will be forwarded to the location specified.

Which Files Are Involved?

The syslog process comprises a number of files, apart from the syslogd daemon. The following list describes each of them and the purposes they fulfill: