System Administration Guide: Advanced Administration
Previous Next

Customizing System Message Logging

You can capture additional error messages that are generated by various system processes by modifying the /etc/syslog.conf file. By default, the /etc/syslog.conf file directs many system process messages to the /var/adm/messages files. Crash and boot messages are stored here as well. To view /var/adm messages, see How to View System Messages.

The /etc/syslog.conf file has two columns separated by tabs:

facility.level ... action
facility.level

A facility or system source of the message or condition. May be a comma-separated listed of facilities. Facility values are listed in Table 15-1. A level, indicates the severity or priority of the condition being logged. Priority levels are listed in Table 15-2.

Do not put two entries for the same facility on the same line, if the entries are for different priorities. Putting a priority in the syslog file indicates that all messages of that all messages of that priority or higher are logged, with the last message taking precedence. For a given facility and level, syslogd matches all messages for that level and all higher levels.

action

The action field indicates where the messages are forwarded.

The following example shows sample lines from a default /etc/syslog.conf file.

user.err                                        /dev/sysmsg
user.err                                        /var/adm/messages
user.alert                                      `root, operator'
user.emerg                                      *

This means the following user messages are automatically logged:

  • User errors are printed to the console and also are logged to the /var/adm/messages file.

  • User messages requiring immediate action (alert) are sent to the root and operator users.

  • User emergency messages are sent to individual users.


Note - Placing entries on separate lines might cause messages to be logged out of order if a log target is specified more than once in the /etc/syslog.conf file. Note that you can specify multiple selectors in a single line entry, each separated by a semi-colon.


The most common error condition sources are shown in the following table. The most common priorities are shown in Table 15-2 in order of severity.

Table 15-1 Source Facilities for syslog.conf Messages

Source

Description

kern

The kernel

auth

Authentication

daemon

All daemons

mail

Mail system

lp

Spooling system

user

User processes


Note - The number of syslog facilities that can be activated in the /etc/syslog.conf file is unlimited.


Table 15-2 Priority Levels for syslog.conf Messages

Priority

Description

emerg

System emergencies

alert

Errors requiring immediate correction

crit

Critical errors

err

Other errors

info

Informational messages

debug

Output used for debugging

none

This setting doesn't log output

How to Customize System Message Logging

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Edit the /etc/syslog.conf file, adding or changing message sources, priorities, and message locations according to the syntax described in syslog.conf(4).
  3. Exit the file, saving the changes.
Example 15-2 Customizing System Message Logging

This sample /etc/syslog.conf user.emerg facility sends user emergency messages to root and individual users.

user.emerg                                      `root, *'
Previous Next