HPE Community
Operating System - HP-UX
1820309 Members
2546 Online
109623 Solutions
New Discussion юеВ

Single syslog.log vs individual log files such as /var/adm/critical, /var/adm/authlog etc

 
Philip Chan_1
Respected Contributor

тАО06-19-2003 01:34 AM

тАО06-19-2003 01:34 AM

Single syslog.log vs individual log files such as /var/adm/critical, /var/adm/authlog etc

Hi

I understand that in hpux individual log files can be setup by redefining their directives in /etc/syslog.conf. For example,

mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
#
# additional ones
#
*.notice /var/adm/notice
*.warn;*.err;mail.info /var/adm/syslog/syslog.log
*.crit /var/adm/critical
auth.* /var/adm/authlog
kern.* /var/adm/kernlog
kern,mark.debug /dev/console
kern.err @phoenix
*.emerg @phoenix

My question is, if I don't specify those entries under the "additional ones" section, will these event entries all go into /var/adm/syslog/syslog.log instead? or will they not show up in syslog.log at all?

Comments and opinions are all welcome.

Thanks.
0 Kudos
Reply
5 REPLIES 5
Gavin Clarke
Trusted Contributor

тАО06-19-2003 01:40 AM

тАО06-19-2003 01:40 AM

Re: Single syslog.log vs individual log files such as /var/adm/critical, /var/adm/authlog etc

Looks to me like you have to tell them where to go, even syslog entries, although I've never changed this file on our systems.
0 Kudos
Reply
V.Tamilvanan
Honored Contributor

тАО06-19-2003 01:47 AM

тАО06-19-2003 01:47 AM

Re: Single syslog.log vs individual log files such as /var/adm/critical, /var/adm/authlog etc

Hi,
I think whether u add entries above or below "#additional ones" it doesn't make any difference.
So If you are not specifying those entries above or under "additional ones" , those event entries will not go into /var/adm/syslog/syslog.log at all.

HTH
0 Kudos
Reply
Stefan Farrelly
Honored Contributor

тАО06-19-2003 01:56 AM

тАО06-19-2003 01:56 AM

Re: Single syslog.log vs individual log files such as /var/adm/critical, /var/adm/authlog etc

Each of your additional entries needs to be considered separately in order to decide if and where they would go if you commented them out.

Normally you need to be explicit, eg. the following example redirects ftp messages to an ftp.log, instead of syslog.log;

local5.info;mail.none /var/adm/syslog/ftp.log
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *

Can you see that normally *.info go to syslog (except mail=none - ie. no mail messages), but ive redefined local5.info (local5=ftp messages) to go to ftp.log instead (again, no mail messages).

As there are no kern or auth entries normally in syslog these would not normally be logged by syslog, but in your example they have been setup to go to a separate log.
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
Zeev Schultz
Honored Contributor

тАО06-19-2003 02:08 AM

тАО06-19-2003 02:08 AM

Re: Single syslog.log vs individual log files such as /var/adm/critical, /var/adm/authlog etc

You can even have an empty /etc/syslog.conf -
no use of course.Also remember that in your example auth.notice would go to /var/adm/notice and /var/adm/authlog.Can use .none.
I also think that if nothing goes to /dev/console than dmesg is of no use.

Zeev
So computers don't think yet. At least not chess computers. - Seymour Cray
0 Kudos
Reply
Steven Gillard_2
Honored Contributor

тАО06-19-2003 02:08 AM

тАО06-19-2003 02:08 AM

Re: Single syslog.log vs individual log files such as /var/adm/critical, /var/adm/authlog etc

If you remove the lines under "additional entries", it will only stop mail messages from being written to syslog.log.

In fact, your above configuration as it stands will probably result in multiple copies of some messages being written to syslog.log. This is because it appears twice in the file with overlapping priority settings.

If you want mail logging into syslog.log you can combine the two syslog.log entries into a single config line:

*.info; mail.info /var/adm/syslog/syslog.log

Note that when you specify a priority code, it includes all messages at that level _and above_. Therefore the *.info includes the *.warn and *.error configurations in your second syslog.log entry.

Hope this makes sense. See the syslogd man page for more details.

Cheers,
Steve
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.