Configuring the System error or event log (syslog)
Syslog is a standard for computer message logging and integrates log data from many different types of systems into a central repository.
Authorization
Root user authority is required on UNIX operating systems.
Description
The syslog program is syslogd, the syslog daemon. The configuration file /etc/syslog.conf controls the output of syslogd. You must configure this file, and each line in it must contain at least the first two of the following parts:
- A selector, given as a facility.priority pair, that determines which log messages the line applies to.
- A log destination (file path) for the above selector.
- Rotation (optional)
The facility can be one of the following:
- kern - kernel messages
- user - random user-level messages (recommended for the db2audit extract command)
- mail - mail system messages
- daemon - system daemons
- auth - security/authorization messages (recommended for the db2audit extract command)
- syslog - messages generated internally by syslogd
- lpr - line printer subsystem
- news - news subsystem
- uucp - uucp subsystem
- cron - clock daemon
- caa - Cluster aware AIX® subsystem
- local0 ~ local7 - reserved for local use (recommended for the db2audit extract command)
- * - all facilities (used only in the configuration file and not in the commands or API)
The priority can be one of the following:
- emerg or panic - system is unusable
- alert - action must be taken immediately
- crit - critical conditions
- err or error - error conditions
- warn or warning - warning conditions
- notice - normal but significant condition
- info - informational
- debug - debug-level messages
Log messages have the following format:
date time hostname facility:priority username: message_body
All items before the message_body are metadata, for example:
Oct 10 12:05:23 hotel37 mail:err newton: The user newton just got a mail error.
Examples
The following example shows sample facility.priority configuration lines in the /etc/syslog.conf file:

user.info /var/log/db2/user_messages.log
User messages at info or higher priority go to /var/log/db2/user_messages.log.

mail.crit /dev/console
Mail messages at crit or higher priority go to the console.

*.debug /var/log/all_messages.log
All facilities at debug or higher priority go to /var/log/all_messages.log.

auth.warning @host123.torolab.ibm.com
Authorization messages at warning or higher priority are forwarded by the local syslog daemon (syslogd) to the syslog daemon (syslogd) on the host123 machine.
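
The following Python sketch is an added example, not part of the original documentation or of any IBM tool. It validates configuration lines against the facility and priority keywords listed above and works out which destinations a message in the documented format would reach. The function names (rank, parse_rule, parse_message, destinations) are assumptions made for illustration, and the optional rotation part is kept as uninterpreted tokens.

```python
import re

# Facility and priority keywords as listed on this page; priorities run from
# most severe (index 0) to least severe (index 7).
FACILITIES = {"kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "caa"} | {f"local{i}" for i in range(8)}
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}

# Message layout from this page: date time hostname facility:priority username: body
MESSAGE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (\w+):(\w+) (\S+): (.*)$")

def rank(priority):
    """Severity rank of a priority keyword; raises ValueError if unknown."""
    return PRIORITIES.index(ALIASES.get(priority, priority))

def parse_rule(line):
    """Split 'facility.priority destination [rotation]' and validate the selector."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError(f"selector and destination are both required: {line!r}")
    facility, dot, priority = fields[0].partition(".")
    if not dot or (facility != "*" and facility not in FACILITIES):
        raise ValueError(f"bad selector: {fields[0]!r}")
    return {"facility": facility, "threshold": rank(priority), "destination": fields[1],
            "remote": fields[1].startswith("@"), "rotation": fields[2:]}

def parse_message(line):
    """Separate the metadata fields from the message body."""
    m = MESSAGE_RE.match(line)
    if m is None:
        raise ValueError(f"not in the documented message format: {line!r}")
    keys = ("timestamp", "hostname", "facility", "priority", "username", "body")
    return dict(zip(keys, m.groups()))

def destinations(message, rules):
    """Destinations whose rule matches: same facility (or *) and the message is
    at the rule's priority or more severe."""
    sev = rank(message["priority"])
    return [r["destination"] for r in rules
            if r["facility"] in ("*", message["facility"]) and sev <= r["threshold"]]

# The four sample configuration lines and the sample message from this page.
RULES = [parse_rule(l) for l in (
    "user.info /var/log/db2/user_messages.log",
    "mail.crit /dev/console",
    "*.debug /var/log/all_messages.log",
    "auth.warning @host123.torolab.ibm.com")]
SAMPLE = parse_message("Oct 10 12:05:23 hotel37 mail:err newton: "
                       "The user newton just got a mail error.")
```

With the four sample lines, the sample mail:err message reaches only /var/log/all_messages.log, because err is below the crit threshold of the mail.crit line.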