HPE Community
Operating System - HP-UX
1846087 Members
3961 Online
110253 Solutions
New Discussion

syslogd

 
SOLVED
Go to solution
Roberto Gallis
Regular Advisor

‎11-19-2001 01:02 AM

‎11-19-2001 01:02 AM

syslogd

Hi all,
I have a switch that it sends messages in my syslog.
But now, I wanna send these messages to an other file.
How can I set syslog.conf to do that?

Regards
Roberto
0 Kudos
Reply
6 REPLIES 6
Steven Sim Kok Leong
Honored Contributor

‎11-19-2001 01:11 AM

‎11-19-2001 01:11 AM

Re: syslogd

Hi,

You will need to first identify the logging facility and levels used by the switch in the form of facility.level.

If it uses only eg. switch facility and level alert, then in your /etc/syslog.conf, you can specify:

switch.alert /var/adm/switch.messages # use another file for logging
switch.alert @loghost.logdomain # loghost.logdomain is the name of your logging server which is running syslogd as well

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
0 Kudos
Reply
Roberto Gallis
Regular Advisor

‎11-19-2001 01:31 AM

‎11-19-2001 01:31 AM

Re: syslogd

I tried,
but I found the message in syslog

unknown facility nale "switch": no such device or address

How can I define it?
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎11-19-2001 01:39 AM

‎11-19-2001 01:39 AM

Solution

Re: syslogd

Hi,

You have to replace "switch" with the facility name used by your switch.

To check, look at your syslog.log for entries by your switch and identify the facility name representing your switch. The facility name should come after your hostname.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
Reply
Roberto Gallis
Regular Advisor

‎11-19-2001 05:57 AM

‎11-19-2001 05:57 AM

Re: syslogd

HI
I did that,
but syslog continue to send messages in syslog and not in the other files.
I found a document with the example of a cisco switch using the facility "local7" known by syslog. Using the host name does not work.

0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎11-19-2001 08:07 AM

‎11-19-2001 08:07 AM

Re: syslogd

Hi,

What I meant is that to identify the facility name, often the tag after the hostname reflected in syslog.log would give some clues as to what the facility name would be.

In this case, your facility is LOCAL7. A number of applications may use this facility.

To send logs to another file, you have to put into syslog.conf such as:

local7.* /var/adm/syslog/switch.messages

Remember to restart your syslogd daemon for your changes to take effect.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com

0 Kudos
Reply
Bill Hassell
Honored Contributor

‎11-19-2001 10:10 AM

‎11-19-2001 10:10 AM

Re: syslogd

The syslog facilities local0,local1...local7 are designed to do what you want. You can test that your syslog.conf file is working correctly by using logger as in:

logger -t some-id-info -p local7.warn "This is a local7 warning"
tail /var/adm/syslog/syslog.log

where -t will report whatever you want, typically it is the program's name or application. Once logging is working, change /etc/syslog.conf, then ask syslog to re-read the config file and issue the command again. You should see local7 being logged to it's new location. Now try your application.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.