36.2 Using syslogd Over a Network

   

The syslogd daemon is the most important daemon for logging system messages. It reads messages generated by the operating system and applications from a number of sources and logs them to different locations depending on its configuration file, /etc/syslog.conf. It collects messages from the following sources.

  • UNIX domain socket /dev/log.un

  • Internet domain socket defined in /etc/services

  • named pipe /dev/log

  • kernel log device /dev/klog

  • syslogd daemon on other hosts

Applications can send messages to the syslogd daemon using the syslog() function. The syslogd daemon can also collect messages from the syslogd daemon of other hosts on a network. This makes it suitable to collect messages on a central management server.

The configuration file for the syslogd daemon is /etc/syslog.conf. Each line in this file consists of a selector and an action. The selector consists of a semicolon-separated list of priority specifiers. A specifier consists of two fields: a facility that determines the subsystem that generated the message and a level indicating the severity of the message. The action part of the line is separated from the selector part by one or more tab characters, and it specifies what is done with messages that match the selector. The severity levels used by syslogd are listed in Table 36-1.

Table 36-1. Severity Levels Used by syslogd

 Severity Level    Description
 LOG_EMERG         Shows a system panic condition
 LOG_ALERT         Alert, an action should be taken immediately
 LOG_CRIT          Critical condition
 LOG_ERR           Error
 LOG_WARNING       Warning
 LOG_NOTICE        Notice
 LOG_INFO          Information
 LOG_DEBUG         Debug

All kernel messages are considered critical by syslogd. The kernel panic messages are not logged. The following is a sample /etc/syslog.conf file.

 mail.*	/var/adm/syslog/mail.log
 *.info	/var/adm/syslog/syslog.log
 *.alert	/dev/console
 *.alert	root,boota
 *.emerg	@myhp

The first line shows that all messages generated by the mail system should be logged to the /var/adm/syslog/mail.log file. The second line shows that all messages from all subsystems that have a severity level info or above (notice, warning, error, etc.) should be logged to the /var/adm/syslog/syslog.log file. The third and fourth lines show that all messages of severity level alert and above should be sent to the system console. In addition, if users root and boota are logged in, these messages should also be displayed on their terminal screens. The last line shows that all messages of severity level emergency and above should be forwarded to the syslogd daemon running on host myhp. The syslogd daemon on host myhp can then be configured to display messages to the system console or to a logged-in user for immediate action. If all hosts on a network are configured to send critical messages to a management host, errors can be detected immediately and corrective measures may be taken.
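
The selector and action rules described above can be checked mechanically. The following Python code is an added example, not taken from the book or from HP-UX: it parses the sample file, rejects a line whose fields are separated by spaces instead of tabs, and lists the actions a given message triggers. The function names, the kern facility, and the sixth sample line are assumptions made for illustration, and only the selector syntax covered in this section is handled.

```python
# Added example: evaluates syslog.conf rules using only the syntax this section describes.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]  # Table 36-1 order

# Constructed input: the section's five sample rules plus one line that uses spaces, not tabs.
SAMPLE = (
    "mail.*\t\t/var/adm/syslog/mail.log\n"
    "*.info\t\t/var/adm/syslog/syslog.log\n"
    "*.alert\t\t/dev/console\n"
    "*.alert\t\troot,boota\n"
    "*.emerg\t\t@myhp\n"
    "auth.notice    /var/adm/syslog/auth.log\n"
)

def parse(text):
    """Return (rules, errors); each rule is ([(facility, level), ...], action)."""
    rules, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and # comments carry no rule
        selector, tab, action = line.partition("\t")
        action = action.strip()
        if not tab or not action or " " in selector:
            errors.append((lineno, "selector and action must be separated by tab characters"))
            continue
        specs = []
        for spec in selector.split(";"):
            facility, _, level = spec.partition(".")
            if not facility or (level != "*" and level not in LEVELS):
                errors.append((lineno, "specifier %r is not facility.level" % spec))
                break
            specs.append((facility, level))
        else:
            rules.append((specs, action))
    return rules, errors

def actions_for(rules, facility, level):
    """Actions one message triggers; a rule's level matches that level and anything more severe."""
    rank = LEVELS.index(level)
    hits = []
    for specs, action in rules:
        if any(f in ("*", facility) and (l == "*" or rank <= LEVELS.index(l)) for f, l in specs):
            hits.append(action)
    return hits

if __name__ == "__main__":
    rules, errors = parse(SAMPLE)
    for lineno, problem in errors:
        print("line %d: %s" % (lineno, problem))
    for fac, lvl in (("mail", "debug"), ("kern", "emerg")):
        print(fac, lvl, "->", actions_for(rules, fac, lvl))
```

A rule rejected by the check is one whose messages would not reach the intended log file or management host, so it is worth running before sending the Hangup signal.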

The syslogd daemon reads its configuration file at startup time. If you make a change to the configuration file, you have to either restart syslogd or send a Hangup signal to it. After receiving a Hangup signal, syslogd rereads its configuration file. The following command can be used to send the Hangup signal to syslogd using its PID stored in the /var/run/syslog.pid file.

 kill -HUP `cat /var/run/syslog.pid` 

HP Certified: HP-UX System Administration
ISBN: 0130183741
EAN: 2147483647
Year: 2000
Pages: 390
Authors: Rafeeq Rehman
