
syslog configuration

SOLVED
David Logan_2
Occasional Visitor

syslog configuration

Hi Folks,

I have a small problem with the syslog configuration on a V4.0F system.

I wish to use the cron facility so I have the syslog.conf configured :

kern.debug /var/adm/syslog.dated/kern.log
user.debug /var/adm/syslog.dated/user.log
mail.debug /var/adm/syslog.dated/mail.log
daemon.debug /var/adm/syslog.dated/daemon.log
auth.debug /var/adm/syslog.dated/auth.log
syslog.debug /var/adm/syslog.dated/syslog.log
#lpr.debug /var/adm/syslog.dated/lpr.log
lpr.info /var/adm/syslog.dated/lpr.log

msgbuf.err /var/adm/crash/msgbuf.savecore

kern.debug /var/adm/messages
kern.debug /dev/console
cron.warning /var/adm/syslog.dated/cron.log
*.emerg *

I HUP syslog and no messages appear. To test my new facility (cron.warning) I have tried to use the logger command thus :

logger -pcron.debug 'this is a test message from logger'

I receive the following error message
logger: unknown facility name: cron

As cron is mentioned in both the man pages for logger and also in /usr/include/sys/syslog_pri.h can anybody explain why this isn't working?

Have I configured something incorrectly, or am I using it incorrectly?

The file /var/adm/syslog.dated/cron.log has been created and has perms -rw-r-----

Thanks
If in trouble, or in doubt, run in circles, scream and shout
5 REPLIES
Ralf Puchner
Honored Contributor
Solution

Re: syslog configuration

Try

# logger -p 72 4

The log directory is specified as /var/adm/syslog.dated/cron.log, but the file should be within /var/adm/syslog.dated/current/

Stop and restart the syslog daemon to be sure the new configuration will be used.
Help() { FirstReadManual(urgently); Go_to_it;; }

Re: syslog configuration

Ralf,

I posted a question with subject: Message when someone su root.

I tried to configure syslog but I received the same errors as David Logan, with the difference that logger gives me answers and it writes to the log files.

This is my .conf:

kern.debug /var/adm/syslog.dated/current/kern.log
user.debug /var/adm/syslog.dated/current/user.log
mail.debug /var/adm/syslog.dated/current/mail.log
daemon.debug /var/adm/syslog.dated/current/daemon.log
auth.notice /var/adm/syslog.dated/current/auth.log
syslog.debug /var/adm/syslog.dated/current/syslog.log
lpr.debug /var/adm/syslog.dated/current/lpr.log

msgbuf.err /var/adm/crash/msgbuf.savecore

kern.debug /var/adm/messages
kern.debug /dev/console
*.emerg *


Thanks in advance.
Ezra
Joris Denayer
Respected Contributor

Re: syslog configuration

Hi,

Maybe I didn't understand the problem correctly.
Anyway, the cron facility doesn't seem to be available in the source of logger.c
So, the error message is rather normal.

As a workaround, I suggest using the following line in /etc/syslog.conf

local1.warning /var/adm/syslog.dated/cron.log


Now the command
# logger -plocal1.warning "This works fine"
will generate the expected output in /var/adm/syslog.dated/current/cron.log

If local1 is already used, you can use another facility from local[0-7]


Maybe it's helpful

Joris
To err is human, but to really foul things up requires a computer
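
The selector matching discussed in this thread, as an added example that is not code from any poster or from the system's syslogd. It assumes the classic BSD numbering (priority = facility code << 3 | severity, which gives the 72 mentioned above for cron) and the classic rule that `facility.level` matches that level and anything more severe; under those assumptions a `cron.debug` test message never reaches a `cron.warning` rule. The sample configuration is constructed from lines quoted in the thread.

```python
# Added example: classic BSD syslog numbering and selector semantics (assumed).
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "cron": 9}
FACILITIES.update({f"local{i}": 16 + i for i in range(8)})
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def pri(facility, level):
    """Numeric priority: (facility code << 3) | severity."""
    return (FACILITIES[facility] << 3) | LEVELS.index(level)

def parse_conf(text):
    """Return (facility, level, destination) for each active syslog.conf rule."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):      # skip blanks and comments
            continue
        selector, dest = line.split(None, 1)
        for sel in selector.split(";"):           # several selectors per line
            facility, _, level = sel.partition(".")
            rules.append((facility, level, dest.strip()))
    return rules

def destinations(rules, facility, level):
    """Destinations that receive a message sent as facility.level."""
    sev = LEVELS.index(level)
    hits = []
    for fac, lvl, dest in rules:
        if fac not in ("*", facility) or lvl not in LEVELS:
            continue
        if sev <= LEVELS.index(lvl):              # lower number = more severe
            hits.append(dest)
    return hits

# Constructed sample based on the rules quoted in the thread.
SAMPLE_CONF = """\
kern.debug /var/adm/messages
#lpr.debug /var/adm/syslog.dated/lpr.log
cron.warning /var/adm/syslog.dated/cron.log
local1.warning /var/adm/syslog.dated/cron.log
*.emerg *
"""

if __name__ == "__main__":
    rules = parse_conf(SAMPLE_CONF)
    for fac, lvl in [("cron", "debug"), ("cron", "warning"), ("local1", "warning")]:
        print(fac, lvl, pri(fac, lvl), destinations(rules, fac, lvl))
```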

Re: syslog configuration

I tried your settings but when I restarted syslog the old entries had disappeared and there was the new one, cron.log.

logger string worked.

I still don't understand.

Thanks a lot Joris
Ezra
Joris Denayer
Respected Contributor

Re: syslog configuration

Ezra,

Your old entries are not gone.
When the -HUP signal is sent to the syslogd it will create a new date-directory and make a symbolic link to the "current" directory.

Here you see a part of /var/adm/syslog.dated.

drwxr-xr-x 2 root adm 8192 Jun 12 12:15 12-Jun-12:15
drwxr-xr-x 2 root adm 8192 Jun 13 12:15 13-Jun-12:15
drwxr-xr-x 2 root adm 8192 Jun 13 16:11 13-Jun-16:11
drwxr-xr-x 2 root adm 8192 Jun 13 16:27 13-Jun-16:27
lrwxr-xr-x 1 root adm 12 Jun 13 16:27 current -> 13-Jun-16:27

You can see that syslogd has been -HUPped at 16:27 and just before at 16:21.

So, you will find your old entries in the directory that has been created before the one that is "symlinked" to current.

Joris
To err is human, but to really foul things up requires a computer