AIX logs many messages to several places, however this often vital information is lost unless the system is correctly configured.
1. The principle subsystem for collecting messages is syslog
2. syslogd must be started (Check /etc/rc.tcpip)
# grep syslog /etc/rc.tcpip
# Start up syslog daemon (for error and event logging)
start /usr/sbin/syslogd "$src_running" -r
3. Ensure that "/etc/syslog.conf" exists and that any files referenced exist BEFORE syslogd was started.
4. Ensure there is sufficient space in the filesystem where the logging is taking place
5. Check there are no stray control or special characters in the configuration file as this can confuse the system and cause message loss.
6. Fine tune and test your configuration (eg.)
# cat /etc/syslog.conf
auth.info /var/adm/messages rotate size 8m compress files 7
local0.info /var/adm/wrappers.log rotate size 8m compress files 7
local7.info /var/adm/sftp-server.log rotate size 8m compress files 7
mail.debug /var/adm/mail.log rotate size 8m compress files 7
*.debug;local0.none;local7.none /var/adm/messages rotate size 8m compress files 7
In this example the log files are limited to 8MB and when a file exceeds this it is backed-up and upto seven rotated copies are maintained e.g.:
# ls -l /var/adm/messages*
-rw-r--r-- 1 root system 2434639 Jan 20 11:50 /var/adm/messages
-rw-r--r-- 1 root system 485237 Dec 19 11:31 /var/adm/messages.0.Z
-rw-r--r-- 1 root system 540774 Dec 19 11:26 /var/adm/messages.1.Z
-rw-r--r-- 1 root system 328879 Dec 19 10:06 /var/adm/messages.2.Z
-rw-r--r-- 1 root system 588315 Dec 19 09:22 /var/adm/messages.3.Z
-rw-r--r-- 1 root system 421498 Dec 18 12:20 /var/adm/messages.4.Z
-rw-r--r-- 1 root system 439781 Dec 18 09:43 /var/adm/messages.5.Z
-rw-r--r-- 1 root system 445143 Dec 16 16:05 /var/adm/messages.6.Z
Further copies can be created by using the archive keyword.
7. By default each entry logs all messages at and ABOVE the level described e.g. "*.debug" will log every single system message to this file. To restrict logging only to that level use the ".none" keyword. e.g. "*.debug;local0.none;local7.none".
Note: If you want to specify multiple logging levels use the ";" to separate them.
8. By default the syslog daemon accepts messages from other systems. If you wish to override this behaviour start syslogd with the "-r" option.
No comments:
Post a Comment