HPE Community
Operating System - HP-UX
1833750 Members
3159 Online
110063 Solutions
New Discussion

customize syslog logging

 
SOLVED
Go to solution
Philip J. Priest_1
Frequent Advisor

‎07-14-2005 05:37 AM

‎07-14-2005 05:37 AM

customize syslog logging

I have /etc/syslog.conf like this:

*.err;*.crit;*.emerg /var/adm/syslog/critical.log

I have a shell script that will parse this file. I am looking for things that would be major problems.

Is this going to give me what im looking for?
What are other sysadm's doing for something like this?

thanks!
Phil
0 Kudos
Reply
10 REPLIES 10
Uday_S_Ankolekar
Honored Contributor

‎07-14-2005 05:46 AM

‎07-14-2005 05:46 AM

Re: customize syslog logging

in syslog.conf add this line
local7 /directory/filename (Where ou want to write)



And restart syslogd daemon

-USA..
Good Luck..
Reply
Philip J. Priest_1
Frequent Advisor

‎07-14-2005 05:48 AM

‎07-14-2005 05:48 AM

Re: customize syslog logging

Uday what is local7?

thanks!
Phil
0 Kudos
Reply
Uday_S_Ankolekar
Honored Contributor

‎07-14-2005 05:58 AM

‎07-14-2005 05:58 AM

Re: customize syslog logging

That is to capture customized meassages, a varialble from [1-7] can be used. man syslogd for more information

-USA..
Good Luck..
0 Kudos
Reply
Mel Burslan
Honored Contributor

‎07-14-2005 06:01 AM

‎07-14-2005 06:01 AM

Solution

Re: customize syslog logging

Phil,

even better, check this page about the syslog.conf details explained a little more detailed than the syslogd man page:

http://www.scrambler.net/syslog.htm

________________________________
UNIX because I majored in cryptology...
Reply
Uday_S_Ankolekar
Honored Contributor

‎07-14-2005 06:03 AM

‎07-14-2005 06:03 AM

Re: customize syslog logging

It should be...

local7.info /outputdir/filename
local7.warn /outputdir/filename
local7.err .... like this you can add

-USA..



Good Luck..
Reply
Geoff Wild
Honored Contributor

‎07-14-2005 06:07 AM

‎07-14-2005 06:07 AM

Re: customize syslog logging

local0-7 are facilitys in syslog.

So, developers can write their code to log to them - instead of the default syslog...

Example, ftp can be set to log to local5:

local5.info;mail.none /var/adm/syslog/ftpd.log

ssh can go to local6:

local6.debug /var/adm/syslog/sshd.log


etc...

Codes are in /usr/include/syslog.h



Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Reply
Philip J. Priest_1
Frequent Advisor

‎07-14-2005 06:17 AM

‎07-14-2005 06:17 AM

Re: customize syslog logging

Geoff, how do i customize the localX? i want to know in my log file anything of error and above.

thanks!
Phil
0 Kudos
Reply
Bill Costigan
Honored Contributor

‎07-14-2005 06:54 AM

‎07-14-2005 06:54 AM

Re: customize syslog logging

If you are planning to use one of the locals then the application writing to syslog has to know to use that local number.

For example, I've configured network switches and firewalls to write throught the syslog facility on HPUX using one of the locals, I have to tell the switch [in its syslog config section] to use local0 and the IP address of the 9000 and to log everything at a warning level or higher.

I can then configure syslogd to log all events for local0 (the network stuff) to /var/adm/syslog/network_stuff.log.

From your original question, it sounds like you are trying to get messages that would normally go to syslog but with a warning level or above to go to a special file that your script can parse. If so then you wouldn't use the local stuff, but would follow your original approach.

It wasn't clear from your message if you were getting entries in critical.log or not.
It sounded like you were but wanted to know which messages should cause you concern. Is that correct?
Reply
Philip J. Priest_1
Frequent Advisor

‎07-14-2005 06:57 AM

‎07-14-2005 06:57 AM

Re: customize syslog logging

Yes bill, i am getting messages in /var/adm/syslog/critical.log i have tested this with logger.

i have a line like this:
*.err;*.crit;*alert;*.emerg /var/adm/syslog/critical.log

i think this is all i need.

phil
0 Kudos
Reply
Bill Costigan
Honored Contributor

‎07-14-2005 10:09 PM

‎07-14-2005 10:09 PM

Re: customize syslog logging

That's good. I think you should be all set.
As far as the script, if you are going to do some sort of alerting when you get a message, I would start off alerting for every message and then modify the script to ignore just those messages that you determine to be not important.

That way you will not miss a critical message that you forgot to look for in your script.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.