Operating System - HP-UX

About Redirecting Syslog Messages...

 
SOLVED
ben_43
Frequent Advisor


Team:

We are running Citrix Metaframe (xemulator) and all the users come into the Nclass boxes through the emulator. Currently the emulator writes all the messages (97% of them are user login and logout messages, the rest of them are critical messages) into the syslog file. Since we have 1500 users we have to start syslogd every week to avoid it from growing. Please help me to achieve the following:
1. How do I redirect the emulator-specific messages to a different log file?
2. I think I need to find out what service they are using for logging (ex. local 0-7). How do I find this?
3. In case we are not able to find out the service they are using, will we still be able to redirect the emulator messages to a different log file?
Please Advise.

Thanks
Ben.
Chris Wilshaw
Honored Contributor

Re: About Redirecting Syslog Messages...

You are correct that you need to find the local variable.

To do this, add -v to the startup options in the /etc/rc.config.d/syslogd file, then restart the syslogd process.

The messages in syslog.log will now have a number/letter before the hostname, which can be resolved to


LOCAL0 Q
LOCAL1 R
LOCAL2 S
LOCAL3 T
LOCAL4 U
LOCAL5 V
LOCAL6 W
LOCAL7 X

Then add an entry similar to

localN.* /your/log/file

to syslog.conf, and restart syslogd again.
Sandip Ghosh
Honored Contributor

Re: About Redirecting Syslog Messages...

You can look at /etc/syslog.conf for redirecting the messages.

Sandip
Good Luck!!!
Deshpande Prashant
Honored Contributor

Re: About Redirecting Syslog Messages...

Hi
The syslog messages are configured in the /etc/syslog.conf file.
If you can identify the emulator-specific messages, you can configure them in this file to go to a specific file.

##
*.emulator /var/adm/syslog/emulator.log

##
First, going through the messages from the emulator, you will need to identify which wildcard you need to use to configure it.

Thanks.
Prashant.
Take it as it comes.
Sanjay_6
Honored Contributor

Re: About Redirecting Syslog Messages...

Hi Ben,

Take a look at /etc/syslog.conf. Also do "man syslogd" for more help on how to manipulate the /etc/syslog.conf file and redirect logs.

Hope this helps.

Regds
ben_43
Frequent Advisor

Re: About Redirecting Syslog Messages...

Hi:

I put a -v on the syslogd and I found "6B" attached to all user logins. Does it mean it uses the local6 service? If so, what should syslog.conf be modified to?

Thanks
Ben.
ben_43
Frequent Advisor

Re: About Redirecting Syslog Messages...

Hi:

Also, when I started and stopped the emulator services, it had a tag "6B" and also "4B" on it. Does it mean that it supports the local6 service?

Thanks
Ben
Deshpande Prashant
Honored Contributor
Solution

Re: About Redirecting Syslog Messages...

Hi
If you have identified "6B" and "4B" as the tags for messages from the emulator in syslog, use the following in the syslog.conf file

##
*6B /var/adm/syslog/emulator.log
*4B /var/adm/syslog/emulator.log
##
Thanks.
Prashant.
Take it as it comes.
Chris Wilshaw
Honored Contributor

Re: About Redirecting Syslog Messages...

From man 3c syslog

LOG_KERN     A      LOG_EMERG    0
LOG_USER     B      LOG_ALERT    1
LOG_MAIL     C      LOG_CRIT     2
LOG_DAEMON   D      LOG_ERR      3
LOG_AUTH     E      LOG_WARNING  4
LOG_SYSLOG   F      LOG_NOTICE   5
LOG_LPR      G      LOG_INFO     6
LOG_NEWS     H      LOG_DEBUG    7
LOG_UUCP     I
LOG_CRON     J
LOCAL0-7     Q-X

So 4B means a user message at the warning level, and 6B means a user message at the info level.

From this, it looks like your emulator categorizes messages as "user".

LOG_USER     Messages generated by random user processes. This is the
             default facility identifier if none is specified.

To redirect this to another log, the line

user.* logfile

would be required. The downside of this is that user category messages from all other applications/processes that log at this level will go there too.
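
Added example (not part of any post in this thread): a small POSIX shell script that decodes the two-character tags written by "syslogd -v" using the tables quoted above from man 3c syslog, then lists the facility.level pairs a given program logs with. The sample log lines, the host name, the process name and the exact position of the tag in the line are constructed assumptions.

```shell
#!/bin/sh
# Added example: decode "syslogd -v" tags (level digit + facility letter).

# decode_tag 6B -> user.info; returns 1 for a tag outside the tables.
decode_tag() {
    [ "${#1}" -eq 2 ] || return 1
    lvl=${1%?} fac=${1#?}
    case "$fac" in
        A) f=kern ;;   B) f=user ;;   C) f=mail ;;   D) f=daemon ;;
        E) f=auth ;;   F) f=syslog ;; G) f=lpr ;;    H) f=news ;;
        I) f=uucp ;;   J) f=cron ;;
        Q) f=local0 ;; R) f=local1 ;; S) f=local2 ;; T) f=local3 ;;
        U) f=local4 ;; V) f=local5 ;; W) f=local6 ;; X) f=local7 ;;
        *) return 1 ;;
    esac
    case "$lvl" in
        0) l=emerg ;;   1) l=alert ;;  2) l=crit ;; 3) l=err ;;
        4) l=warning ;; 5) l=notice ;; 6) l=info ;; 7) l=debug ;;
        *) return 1 ;;
    esac
    echo "$f.$l"
}

# selectors_for STRING: from verbose syslog lines on stdin, keep those
# containing STRING and print each distinct facility.level they carry.
# Assumption: the tag is the first two characters of the 4th field.
selectors_for() {
    grep -F -- "$1" | awk '{ print substr($4, 1, 2) }' | sort -u |
    while read -r tag; do
        decode_tag "$tag" || echo "unknown:$tag"
    done
}

# Constructed sample lines (host and process names are made up).
sample_log() {
    cat <<'EOF'
Mar  4 09:15:02 6B:nclass1 xemulator[2211]: login user=jdoe
Mar  4 09:15:40 6B:nclass1 xemulator[2211]: logout user=jdoe
Mar  4 09:16:07 4B:nclass1 xemulator[2211]: service stopping
Mar  4 09:16:30 5E:nclass1 su: + tty?? root-oper
Mar  4 09:17:00 3A:nclass1 vmunix: file system full
EOF
}

# Print candidate syslog.conf lines; selector and action are separated
# by a tab, as traditional syslog.conf parsers expect.
sample_log | selectors_for xemulator | while read -r sel; do
    printf '%s\t%s\n' "$sel" /var/adm/syslog/emulator.log
done
```

In syslog.conf a selector such as user.info matches that level and everything more severe, so user.info alone already covers the 4B (warning) messages.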
ben_43
Frequent Advisor

Re: About Redirecting Syslog Messages...

Hi:

This is what I tried:

Case A:

In /etc/syslog.conf file

*6B /var/adm/syslog/emulator.log

Case B:

user.* /var/adm/syslog/emulator.log

In both cases, after stopping and starting syslogd, I noticed that it stopped the messages from going to syslog but was not writing to the new log file either. Any ideas on how to close this gap?

Thanks
Ben.
joe_91
Super Advisor

Re: About Redirecting Syslog Messages...

Hi:

I think you have to make sure that there are no other user-level messages in the /etc/syslog.conf file.

Cheers
Joe.
Sudhakar.J
Advisor

Re: About Redirecting Syslog Messages...

Hi Ben,

Try this out and let us know the result by adding this string to /etc/syslog.conf

*.warning /new/log/file
*.info /new/log/file

Then restart syslogd daemon.
It should work out, because user.* is not supported.

regds
Sudhakar.J