System Logging (syslogd)

   


Solaris, along with the majority of other flavors of UNIX, uses the syslogd process for its main system logging. It traps various events and forwards the system messages to a specified location, which can be a screen or a file, or even to a remote system, as dictated by the configuration file /etc/syslog.conf. The default configuration file is shown in Listing 9.1.

Listing 9.1 The Default System Logging Configuration File Supplied with the Solaris Operating Environment
    #ident   "@(#)syslog.conf        1.5     99/02/03 SMI"  /* SunOS 5.0 */
    #
    # Copyright (c) 1991-1999 by Sun Microsystems, Inc.
    # All rights reserved.
    #
    # syslog configuration file.
    #
    # This file is processed by m4 so be careful to quote (`') names
    # that match m4 reserved words.  Also, within ifdef's, arguments
    # containing commas must be quoted.
    #
    *.err;kern.notice;auth.notice                   /dev/sysmsg
    *.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages
    *.alert;kern.err;daemon.err                     operator
    *.alert                                         root
    *.emerg                                         *
    # if a non-loghost machine chooses to have authentication messages
    # sent to the loghost machine, un-comment out the following line:
    #auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)
    mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)
    #
    # non-loghost machines will use the following lines to cause
    # log messages to be logged locally.
    #
    ifdef(`LOGHOST', ,
    user.err                                        /dev/sysmsg
    user.err                                        /var/adm/messages
    user.alert                                      `root, operator'
    user.emerg                                      *
    )

The system manager is responsible for ensuring that all system messages receive the attention they require, depending on their priority. The default configuration file logs a number of messages to the system console (/dev/sysmsg) and to the messages file in the directory /var/adm. Others are forwarded via email to the root and operator user accounts.

A large number of companies let the standard system logging configuration run in its default form and do not amend it to suit their specific requirements. There are potential disadvantages of logging too much information to the system console:

  • A "headless" system (one with no console) will never display the messages.

  • The message might scroll off the screen and be lost before anyone sees it.

  • There may not be anyone watching the console to be able to take immediate action.

  • The message may not be stored elsewhere so that it can be reviewed later.

With a busy system, some discrimination of priorities is necessary; otherwise, the main messages file can become large very quickly. One approach is to configure the system logging by feature, that is, for example, to log all messages relating to mail to a different log file, such as /var/log/mail.log; to log kernel-related messages to /var/log/kernel.log; to log authentication messages to /var/log/auth.log; and so on. This method of system logging can make monitoring the events more manageable while still logging only the highest-priority events in the system messages file.

Syslog messages are classified into a series of levels. The following list details the levels in order from the highest level to the lowest.

Level         Code   Description
LOG_EMERG     0      Kernel panic
LOG_ALERT     1      A condition requiring immediate attention
LOG_CRIT      2      A critical condition
LOG_ERR       3      An error
LOG_WARNING   4      A warning message
LOG_NOTICE    5      Not a serious error, but one that might require attention
LOG_INFO      6      Information message
LOG_DEBUG     7      Used for debugging

It is important to note that when a level is inserted into the configuration file, messages for the selected level and higher will be forwarded to the location specified.
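The "selected level and higher" rule, applied to a per-feature configuration like the one suggested earlier. This is an added example, not part of the book or of Solaris: SAMPLE_CONF and the function names are constructed for illustration, m4 processing is not modelled, and it assumes that a later clause for the same facility overrides an earlier one.

```python
# Levels in priority order; the list index is the numeric code (0 = emerg).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed per-feature configuration using the file names suggested in
# the text; selector and action fields are separated by tabs.
SAMPLE_CONF = (
    "# constructed example, not a shipped file\n"
    "mail.debug\t\t\t/var/log/mail.log\n"
    "kern.debug\t\t\t/var/log/kernel.log\n"
    "auth.notice\t\t\t/var/log/auth.log\n"
    "*.err;mail.none\t\t\t/var/adm/messages\n"
    "*.emerg\t\t\t\t*\n"
)


def parse_conf(text):
    """Return (selector, action) pairs, skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        rules.append((selector, action.strip()))
    return rules


def selector_matches(selector, facility, level):
    """Apply 'this level and higher'; assumed: later clauses override earlier."""
    matched = False
    for clause in selector.split(";"):
        facilities, _, threshold = clause.rpartition(".")
        names = facilities.split(",")
        if "*" not in names and facility not in names:
            continue
        if threshold == "none":
            matched = False
        else:
            # Higher priority means a lower numeric code.
            matched = LEVELS.index(level) <= LEVELS.index(threshold)
    return matched


def destinations(conf_text, facility, level):
    """List every action whose selector accepts the message."""
    return [a for s, a in parse_conf(conf_text) if selector_matches(s, facility, level)]
```

Checking a proposed configuration this way before installing it shows, for example, that auth.info messages are logged nowhere under SAMPLE_CONF, a gap worth knowing about when authentication events matter.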

Which Files Are Involved?

The syslog process comprises a number of files, apart from the syslogd daemon. The following list describes each of them and the purposes they fulfill:

  • /etc/syslog.conf: The configuration file where the rules are defined, as well as the locations and method of message delivery.

  • /var/log/syslog: The data file containing data gathered by the syslog process. There will also be syslog.[0-7] files containing older data. The files are recycled every eight weeks.

  • /var/adm/messages: The data file containing system messages, often from the syslog process, and also attempts to become superuser and system startup messages.

  • /usr/lib/newsyslog: An automatic job that is run by cron to cycle the syslog data files.

  • /etc/init.d/syslog: The startup and shutdown script that is executed each time the system is shut down or rebooted.


   


Solaris System Management
Solaris System Management (New Riders Professional Library)
ISBN: 073571018X
EAN: 2147483647
Year: 2001
Pages: 101
Authors: John Philcox
