Syslog is normally started from the "/etc/rc.tcpip" file and dynamically creates the "/dev/log" device. You can add startup options as follows:
# Start up syslog daemon (for error and event logging)
# Added -r to prevent remote logging
start /usr/sbin/syslogd "$src_running" "-r"
In this example the "-r" option is passed to the syslogd process.
If you want to dynamically pass options to syslogd whilst testing use:
# startsrc -s syslogd -a "-m 5 -r -e -d"
Here is an example of an "/etc/syslog.conf" file that logs pretty-much everything:
# Log messages from all facilities at severity "alert" or higher in
# the AIX errlog (alert,emerg)
*.alert errlog
# Log all warning messages (err,crit,alert)
*.warn /var/adm/log/error.log rotate size 8m compress files 7
# Log security messages
auth,authpriv.info /var/adm/log/auth.log rotate size 8m compress files 7
# Log cron messages
cron.info /var/adm/log/cron.log rotate size 8m compress files 7
# Log printer messages
lpr.info /var/adm/log/lpr.log rotate size 8m compress files 7
# Log email activity
mail.info /var/adm/log/mail.log rotate size 8m compress files 7
# Log news messages
news.info /var/adm/log/news.log rotate size 8m compress files 7
# Log syslog messages
syslog.info /var/adm/log/syslog.log rotate size 8m compress files 7
# Log UUCP messages
uucp.info /var/adm/log/uucp.log rotate size 8m compress files 7
# Log deamon activity
daemon.info /var/adm/log/daemon.log rotate size 500k files 7 compress archive /var/adm/syslog_archive
# Application specific logging
local0.info /var/adm/log/wrappers.log rotate size 8m compress files 7
local7.info /var/adm/log/sftp-server.log rotate size 8m compress files 7
# Log non-critical messages only
*.debug /var/adm/log/messages.log rotate size 8m compress files 7
# ASO log configuration
aso.notice /var/log/aso/aso.log rotate size 128k time 7d
aso.info /var/log/aso/aso_process.log rotate size 1024k files 7
aso.debug /var/log/aso/aso_debug.log rotate size 8m compress files 7
You can group priorities together using the ";", ",", and "none" keywords to filter output and restrict message duplication, however this seems a little buggy and inconsistent e.g:
# output to console
*.err;mail,kern.notice;daemon,auth.debug;user.info /dev/console
According to the syslog manual it is possible to start the syslogd using the "-e" option, however this does not seem to work correctly at AIX 6.1?
-e
Specifies enhanced rotation. All compressed and uncompressed files
that are available in the log directory and that are created by
the syslogd daemon are considered for rotation.
The other issue that I have seen is that some logs such as the "aso.debug" and "aso.info" contain a lot of duplicate messages and it does not seem possible to filter them using the ".none" syntax. I would be really interested to hear from anyone that has made this work correclty.
No comments:
Post a Comment