rhugga
asked on
Configuring custom syslog facilities, Solaris 2.6
I am trying to create a custom facility and also trying to get the reserved local ones to work. My ultimate goal is to write apache access logs to this facilty and send them to another server.
I added this to syslog.conf
local0.info /var/adm/web_access
and then used logger as follows:
logger -p local0.info "some mesg"
But this file never gets written too. I have restarted syslog (and even gone as far as rebooted the box)
I am trying to get syslog to write to this new file first, and then worry about routing it to another machine.
Any ideas?
Also, can a completely custom facility be created such as web.access as opposed to user.info for example?
Thanks,
Chuck
I added this to syslog.conf
local0.info /var/adm/web_access
and then used logger as follows:
logger -p local0.info "some mesg"
But this file never gets written too. I have restarted syslog (and even gone as far as rebooted the box)
I am trying to get syslog to write to this new file first, and then worry about routing it to another machine.
Any ideas?
Also, can a completely custom facility be created such as web.access as opposed to user.info for example?
Thanks,
Chuck
Syslogd uses the M4 macro libraries. Thus, field delimeters are the TAB character. Are you putting a tab between the service filter (local0.info) and the log file name?
You can test the above by running syslog with the '-d' (debug) flag, which will cause it to print out what it thinks its rule base is.
Also, as for adding facilities, you can't do this unless you modify the source code to syslogd, logger, and syslog() on your system. This is one of the biggest shortcomings of syslog (along with security concerns and the fact that the messaes are unformatted). Like Brian Kernighan said (about X Windows) "Sometimes when you fill a vacuum it still sucks."
Also, as for adding facilities, you can't do this unless you modify the source code to syslogd, logger, and syslog() on your system. This is one of the biggest shortcomings of syslog (along with security concerns and the fact that the messaes are unformatted). Like Brian Kernighan said (about X Windows) "Sometimes when you fill a vacuum it still sucks."
2 things:
#1: the file /var/adm/web_access must exist, and must be writeable by your syslog.
#2: etdey is right, the TAB is the MOST IMPORTANT thing about this operation. ONE SPACE in the line can hose your logging.
using vi on the syslog.conf, try this
<esc>se list
this sill turn on SPECIAL CHARACTER LISTING, causing the TABS to all appear as ^I and carriage returns as $
here's an example of mine:
local7.notice^I^I^I/var/lo
local7.alert^I^I^I/var/log
this causes my tcpd wrappers to log to a special set of files.
#1: the file /var/adm/web_access must exist, and must be writeable by your syslog.
#2: etdey is right, the TAB is the MOST IMPORTANT thing about this operation. ONE SPACE in the line can hose your logging.
using vi on the syslog.conf, try this
<esc>se list
this sill turn on SPECIAL CHARACTER LISTING, causing the TABS to all appear as ^I and carriage returns as $
here's an example of mine:
local7.notice^I^I^I/var/lo
local7.alert^I^I^I/var/log
this causes my tcpd wrappers to log to a special set of files.
We have opened up a new Solaris Topic Area.
To increase the visibility of questions, we moved questions we felt
appropriate to the new Solaris Topic Area where they will be easier for
Solaris experts to find and answer. You may view your question at
https://www.experts-exchange.com/Computers/Operating_Systems/Solaris/
If you have any questions about the new topic area you can contact
Community Support by posting a comment at the following URL or by
emailing us at cs@experts-exchange.com.
https://www.experts-exchange.com/Customer_Service/Experts_Exchange/
Ian
Community Support @ Experts Exchange
To increase the visibility of questions, we moved questions we felt
appropriate to the new Solaris Topic Area where they will be easier for
Solaris experts to find and answer. You may view your question at
https://www.experts-exchange.com/Computers/Operating_Systems/Solaris/
If you have any questions about the new topic area you can contact
Community Support by posting a comment at the following URL or by
emailing us at cs@experts-exchange.com.
https://www.experts-exchange.com/Customer_Service/Experts_Exchange/
Ian
Community Support @ Experts Exchange
Hi rhugga,
Please come back and update your thread. What is your status? Have the comments the Experts have made helped you?
darinw
Customer Service
Please come back and update your thread. What is your status? Have the comments the Experts have made helped you?
darinw
Customer Service
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Answer accepted