Tuesday 21 January 2014

More syslogging

The AIX version of syslog seems to be quite tricky to configure and has a lot of features that are not particularly well explained and, dare I say, a little buggy.

Syslog is normally started from the "/etc/rc.tcpip" file and dynamically creates the "/dev/log" device.  You can add startup options as follows:

# Start up syslog daemon (for error and event logging)
# Added -r to prevent remote logging
start /usr/sbin/syslogd "$src_running" "-r"


In this example the "-r" option is passed to the syslogd process.

If you want to dynamically pass options to syslogd whilst testing use:
# startsrc -s syslogd -a "-m 5 -r -e -d"

Here is an example of an "/etc/syslog.conf" file that logs pretty much everything:

# Log messages from all facilities at severity "alert" or higher in
# the AIX errlog (alert,emerg)
*.alert errlog

# Log all messages at severity "warning" or higher (warning,err,crit,alert,emerg)
*.warn  /var/adm/log/error.log  rotate size 8m compress files 7

# Log security messages
auth,authpriv.info      /var/adm/log/auth.log   rotate size 8m compress files 7

# Log cron messages
cron.info       /var/adm/log/cron.log   rotate  size 8m compress files 7

# Log printer messages
lpr.info        /var/adm/log/lpr.log    rotate  size 8m compress files 7

# Log email activity
mail.info       /var/adm/log/mail.log   rotate  size 8m compress files 7

# Log news messages
news.info       /var/adm/log/news.log   rotate  size 8m compress files 7

# Log syslog messages
syslog.info     /var/adm/log/syslog.log rotate  size 8m compress files 7

# Log UUCP messages
uucp.info       /var/adm/log/uucp.log   rotate  size 8m compress files 7

# Log daemon activity
daemon.info     /var/adm/log/daemon.log rotate size 500k files 7 compress archive /var/adm/syslog_archive

# Application specific logging
local0.info     /var/adm/log/wrappers.log       rotate size 8m compress files 7
local7.info     /var/adm/log/sftp-server.log    rotate size 8m compress files 7

# Log everything at severity "debug" or higher (catch-all, includes non-critical messages)
*.debug /var/adm/log/messages.log       rotate  size 8m compress files 7

# ASO log configuration
aso.notice      /var/log/aso/aso.log    rotate size 128k time 7d
aso.info        /var/log/aso/aso_process.log    rotate size 1024k files 7
aso.debug       /var/log/aso/aso_debug.log      rotate size 8m compress files 7


You can group priorities together using the ";" and "," separators and the "none" keyword to filter output and restrict message duplication; however, this seems a little buggy and inconsistent, e.g.:

# output to console
*.err;mail,kern.notice;daemon,auth.debug;user.info   /dev/console


According to the syslog manual, it is possible to start syslogd with the "-e" option; however, this does not seem to work correctly on AIX 6.1.

-e
            Specifies enhanced rotation. All compressed and uncompressed files
            that are available in the log directory and that are created by
            the syslogd daemon are considered for rotation.


The other issue that I have seen is that some logs, such as "aso.debug" and "aso.info", contain a lot of duplicate messages, and it does not seem possible to filter them using the ".none" syntax. I would be really interested to hear from anyone who has made this work correctly.
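
Each rule receives messages at its priority and above, so one aso.info message matches the aso.info rule, the aso.debug rule and the *.debug catch-all. The sketch below is an added example, not code from this post or from AIX: it assumes standard BSD-style selector semantics (the last matching selector on a line wins, "none" excludes a facility), and the "*.debug;aso.none" variant is hypothetical. It gives a reference for what each file should receive when testing what AIX actually does.

```python
# Added example: BSD-style selector matching (assumed semantics, not AIX source).
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
            "warn": 4, "notice": 5, "info": 6, "debug": 7}

def parse_conf(text):
    """Return [(selectors, destination)] for each non-comment rule line."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        selectors = []
        for sel in fields[0].split(";"):
            facilities, _, priority = sel.rpartition(".")
            selectors.append((facilities.split(","), priority))
        rules.append((selectors, fields[1]))
    return rules

def destinations(rules, facility, priority):
    """List every destination that would receive a facility.priority message."""
    hits = []
    for selectors, dest in rules:
        level = None
        for facilities, pri in selectors:   # later selectors override earlier ones
            if facility in facilities or "*" in facilities:
                level = pri
        if level not in (None, "none") and SEVERITY[priority] <= SEVERITY[level]:
            hits.append(dest)
    return hits

# Constructed sample: five rules copied from the syslog.conf shown in this post.
PAGE_CONF = """
*.warn  /var/adm/log/error.log  rotate size 8m compress files 7
auth,authpriv.info      /var/adm/log/auth.log   rotate size 8m compress files 7
*.debug /var/adm/log/messages.log       rotate  size 8m compress files 7
aso.info        /var/log/aso/aso_process.log    rotate size 1024k files 7
aso.debug       /var/log/aso/aso_debug.log      rotate size 8m compress files 7
"""
# Hypothetical variant: exclude aso from the catch-all rule with "none".
FILTERED_CONF = PAGE_CONF.replace("*.debug /var", "*.debug;aso.none /var")

if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("filtered", FILTERED_CONF)):
        rules = parse_conf(conf)
        for msg in (("aso", "info"), ("auth", "err"), ("mail", "debug")):
            print(name, "%s.%s" % msg, "->", destinations(rules, *msg))
```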
