gtpc1m4x | Transmission Control Protocol/Internet Protocol |
The syslog daemon processing is controlled by a configuration file called
/etc/syslog.conf in which you define logging rules and
output destinations for error messages, authorization violation messages, and
trace data. Logging rules are defined by using a facility name
and a severity level. The facility name and
severity level are passed on the logging request from an application
when it wants to log a message. See Figure 28 for an example of a configuration file.
Each statement of the configuration file has the following syntax:
- facility
- is the name of the system process that is sending the message. The
following facility names are supported and predefined in the syslog daemon
implementation.
- Note:
- The TPF system does not have a server for all of these facilities;
however, the syslog daemon will accept messages if your environment has such a
server.
- auth
- Messages generated by authorization programs.
- daemon
- Messages generated by system server processes.
- local0-7
- Names reserved for user-defined facilities.
- mail
- Messages generated by a mail system.
- news
- Messages generated by a news system.
- syslog
- Messages generated by the syslog daemon.
- user
- Messages generated by a process (user).
- mark
- Messages generated by a mark signal from the syslog daemon. See Adding the Syslog Daemon Server for more information about defining the syslog daemon for
mark messages.
- *
- Placeholder used to represent all facilities.
- severity
- is the severity level of the message. The following severity
levels, shown in order of importance, are supported:
- emerg
- An emergency condition; that is, the system cannot be used.
This is normally broadcast to all processes.
- alert
- A condition that must be corrected immediately, such as a corrupted system
database.
- crit
- A critical condition, such as a hard device error.
- err(or)
- An error message.
- warn(ing)
- A warning message.
- notice
- A condition that is not an error condition, but that may require special
handling.
- info
- An informational message.
- debug
- A message that contains information normally of use only when debugging a
program.
- none
- Do not log any messages for the facility.
- \t
- represents the tab character.
- destination
- is the destination to which the log message will be sent. The
following destinations are supported. You must use lowercase for all
file names, users, and hosts.
- /file
- A specific file (for example,
/tmp/syslogd/error.log). All log files used by the
syslog daemon must be created in the hierarchical file system (HFS) before the
syslog daemon is started.
- @host
- A syslog daemon on another host (for example,
@mya1xserver).
- tape
- A TPF RTA tape.
- Note:
- If you direct the data to an RTA tape, you must postprocess the data
offline. The data is written as null terminated strings in 4K
blocks. Each block contains a header with the tape record ID of
X'EA00'.
Figure 28 shows an example of a syslog daemon configuration
file. See Modifying the Syslog Daemon Configuration File for information about how to modify the configuration
file.
Figure 28. Sample /etc/syslog.conf File
#
# facility.severity destination
# ----------------- -----------
# Note: The facility.severity and destination must be separated by tabs.
#
# Uncomment the following to log all messages to the /dev/null file.
#*.emerg /dev/null
#
# Uncomment the following to log all error messages (and lower)
# to the error.log file
#*.err /tmp/syslogd/error.log
#
# Uncomment the following to log all debug messages to tape
#*.debug tape
#
# Uncomment the following to log all local0 informational messages (and lower)
# and local1 error messages (and lower) to a remote host
#local0.info;local1.err @remote.host.com
#
# Uncomment the following to log all daemon server debug messages
# to the server.debug file
#daemon.debug /tmp/syslogd/server.debug
#
# Uncomment the following to log everything except local0, local1, and daemon
# messages to the garbagecan.log file
#*.emerg;local0.none;local1.none;daemon.none /tmp/syslogd/garbagecan.log
Configuration Notes:
- Comments can be added to the configuration file by placing the hashmark
(#) character in column 1 of the comment line. Everything
following the hashmark character will be handled as a comment.
- When you specify a severity level, all messages with that severity
and higher are logged at the specified destination. For
example, if you specify a severity level of error, all messages
having error, crit, alert, and
emerg severities are logged. To send all messages with a
severity of error or higher to a file named
/tmp/syslogd/error.log, you can specify the following rule
in the /etc/syslog.conf file:
*.err /tmp/syslogd/error.log
- You can combine logging rules and destinations in different ways.
For example, to send all messages from the facility named daemon
into one file and all messages with a severity level of crit or
lower into another file, enter the following:
daemon.emerg /tmp/syslogd/daemon.log
*.crit /tmp/syslogd/crit.log
- Note:
- If a server sends a message to the syslog daemon with a facility name of
daemon and a severity level of crit, messages will be
logged in both the daemon.log and crit.log
files. Likewise, if a server sends a message to the syslog daemon with
a facility name of daemon and a severity level of error,
the message will be logged in both files.
- If the severity level is none, the syslog daemon does not
select any messages. For example, if you want to log all messages from
facility name local1 into one file, all messages from the daemon
into another file, and all remaining messages into a third file, use the
following:
local1.emerg /tmp/syslogd/local1.log
daemon.emerg /tmp/syslogd/daemon.log
*.emerg;local1.none;daemon.none /tmp/syslogd/the_rest.log
- You cannot define logging conditions related to a process name or process
ID. All messages that belong to the same facility or severity class are
logged in the same syslog daemon logging file whether the server task has
issued the message or not.
- If the syslog daemon is running in debug mode, configuration file errors
are written to the operator console because initialization is not completed
until the entire configuration file has been read. See Adding the Syslog Daemon Server for more information about defining the syslog daemon to run
in debug mode.
A default syslog daemon configuration file is provided with examples of
logging rules that you can specify. You can modify this configuration
file as needed for your environment. If you do not modify the
configuration file, no messages will be logged (that is, all messages will be
sent to the /dev/null file and thrown away).
To modify the syslog daemon configuration file, do the following:
- Use TFTP or FTP to transfer the /etc/syslog.conf file to
another system.
- Modify the configuration file to include the logging rules that you
require. You can uncomment and change the sample lines that are in the
default file or just add new lines as needed.
- Use TFTP or FTP to transfer the configuration file back to your TPF
system.