Note: Syslog is the default logging handler/router in Solaris
Note: Defaults to UDP:514
Note: Segment your Syslog Host(s) on a distinct subnet, protected by ACLs
pkgchk -lP /usr/sbin/syslogd
Syslog can log to the following locations:
1. remote host
2. local file (Suggested destination because of I/O performance)
3. console
4. specific users
5. * (all logged-in users)
Note: Syslog processes 3 pieces of information (facility, severity level and action), represented by 2 fields per rule:
/etc/syslog.conf - primary configuration file for Syslog
man syslog.conf
1: selector (*.emerg)  2: action (/dev/console)
*.emerg /dev/console
Note: the selector and action must be separated by a tab character, not spaces
Selector = facility(user).severity_level(debug)
Action = target for log entry (files, console, remote host)
###Syslog Recognized Facilities###
USER, KERN, MAIL (Postfix, Sendmail), DAEMON (programs), AUTH, LPR, NEWS, CRON, AUDIT, LOCAL0-7 (provides 8 usable facilities), MARK, *
###8 Syslog Recognized Severity Levels###
1. EMERG - yields least output
2. ALERT
3. CRIT
4. ERROR
5. WARNING
6. NOTICE
7. INFO
8. DEBUG - yields most output
Note: restart syslog after changing /etc/syslog.conf
local0.info /var/log/ciscofirewall1.log
touch /var/log/ciscofirewall1.log (syslogd does not create missing log files)
svcadm restart system-log
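An added example, not part of the original notes, that works through the selector/action routing described above: severity is a threshold (that level and every more severe one), `*` matches every facility, and a rule whose fields are separated by spaces instead of a tab is flagged rather than accepted. The sample configuration is constructed here; its first two rules are the ones from the notes.

```python
# Added example: resolve how Solaris-style syslog.conf rules route a message.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"error": "err", "panic": "emerg", "warn": "warning"}


def parse_conf(text):
    """Return (rules, warnings); each rule is (selector, action). Solaris syslogd
    needs a TAB between the fields, so a space-only line becomes a warning."""
    rules, warnings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if "\t" not in line:
            warnings.append("line %d: selector and action must be TAB-separated" % lineno)
            continue
        selector, action = (s.strip() for s in line.split("\t", 1))
        rules.append((selector, action))
    return rules, warnings


def selector_matches(selector, facility, severity):
    """True if a (facility, severity) message is selected by this selector.
    Handles 'fac1,fac2.level', '*' facilities, ';'-joined selectors and '.none'."""
    sev_idx = SEVERITIES.index(ALIASES.get(severity, severity))
    selected = False
    for part in selector.split(";"):
        facs, _, level = part.rpartition(".")
        if facility not in facs.split(",") and "*" not in facs.split(","):
            continue
        level = ALIASES.get(level, level)
        if level == "none":
            selected = False                     # .none excludes this facility
        elif sev_idx <= SEVERITIES.index(level):
            selected = True                      # at or above the threshold
    return selected


def route(text, facility, severity):
    """List the actions that receive a (facility, severity) message."""
    rules, _ = parse_conf(text)
    return [act for sel, act in rules if selector_matches(sel, facility, severity)]


# Constructed sample config; the first two rules are the ones from the notes above.
SAMPLE_CONF = (
    "*.emerg\t/dev/console\n"
    "local0.info\t/var/log/ciscofirewall1.log\n"
    "*.err;kern.none\t/var/adm/messages\n"
    "# the next line separates fields with spaces, which syslogd does not accept\n"
    "*.err /var/adm/messages\n"
)
```

Calling `route(SAMPLE_CONF, "local0", "emerg")` returns all three targets, while `parse_conf(SAMPLE_CONF)[1]` reports the space-separated line as a misconfiguration.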
###Log Rotation using logadm###
which logadm
pkgchk -lP /usr/sbin/logadm - member of SUNWcsu
logadm is configured to run daily in root's crontab
crontab -l
/etc/logadm.conf - default configuration file
Note: don't memorize all parameters. Execute 'logadm -h'
Note: command-line directives override /etc/logadm.conf directives
Note: logadm preserves 10 backups of log files named logname.0-.9
Note: logadm supports shell wildcards '*', '?'
Thursday, July 16, 2009
SYSLOG Implementation Notes
Labels:
UNIX