Thursday, 6 February 2014

More Logging

You can never have too much logging, in principle at least, however you need to carefully manage logs so they don't fill your filesystem(s), and so you don't get blinded by too much information.

There are several logs provided by AIX that are very useful, but often overlooked:

Shutdown Logs

A log can happen during shutdown that gets missed. Fortunately there is a simple remedy! Always use the "-l" (Logging) flag e.g. shutdown -lF, as this creates the file "/etc/shutdown.log" and this can yield a lot of interesting information and aid fault resolution.

SNMP Logging

Start by checking with version of SNMPD you are using:

# ls -l /usr/sbin/snmpd
lrwxrwxrwx    1 root     system           19 Apr 17 2012  /usr/sbin/snmpd -> /usr/sbin/snmpdv3ne

The example above shows that this system is using version-3.

SNMPD Version 1.

If you are using traditional SNMPD (not recommended as it has lots of security issues)

The "/etc/snmpd.conf" file controls the behaviour of this daemon and the default is not to log anything. To start logging see the following entries:

logging         file=/usr/tmp/snmpd.log         enabled
logging         size=100000                     level=0

Ensure that the file "??.log" exists and that the "level" is either 1, 2, or 3, then restart the daemon. You should then

SNMPD Version3.

There are two types of version-3, unencrypted and encrypted. You can see which one you are using from the symbolic-link (e.g.  /usr/sbin/snmpdv3ne is un-encrypted). In either event you must configure it using "/etc/snmpdv3.conf". The logging entry is almost exactly the same as version-1, except that you can log up to level 4.

No comments:

Post a Comment