Table of Contents

SYSLOG

SLES 10 syslog ng

Bron

To enable syslogging to a different log host edit this file:

OES:~ # vi /etc/syslog-ng/syslog-ng.conf.in

An add these lines to the bottom of the file:

destination loghost_udp {
        udp("10.10.10.11" port(514));
};
log {
        source(src);
        destination(loghost_udp);
};

Afterwards run these commands to activate the logging:

OES:~ # SuSEconfig --module syslog-ng
Starting SuSEconfig, the SuSE Configuration Tool...
Running module syslog-ng only
Reading /etc/sysconfig and updating the system...
Executing /sbin/conf.d/SuSEconfig.syslog-ng...
Checking //etc/syslog-ng/syslog-ng.conf.SuSEconfig file: ok
Finished.

OES:~ # /etc/init.d/syslog restart
Shutting down syslog services                                         done
Starting syslog services                                              done

STATS

Do you also get a lot of these messages?:
Syslog     Syslog     Notice     OES syslog-ng[2435]: STATS: dropped 0      14:19:30 May 19 2009
Syslog     Syslog     Notice     OES syslog-ng[2435]: STATS: dropped 0     13:19:29 May 19 2009
Syslog     Syslog     Notice     OES syslog-ng[2435]: STATS: dropped 0     12:19:29 May 19 2009
Syslog     Syslog     Notice     OES syslog-ng[2435]: STATS: dropped 0     11:19:29 May 19 2009

They mean that syslog hasn't dropped any message! Well, ain't that cool! But, I don't wanna know each hour. Once a day is good enough:

OES:~ # vi /etc/syslog-ng/syslog-ng.conf.in

And edit this line:

options { long_hostnames(off); sync(0); perm(0640); stats(86400); };

I changes the stats to 86.400 which means once a day. It was 3600, which means once every hour.

Test message

To test syslogging you can use the logger command:
logger "Testmessage oesbox"

SLES 11

In SLES 11, the SuSEconfig script and its syslog-ng.conf.in configuration template aren't used any more. You can enter the changes above directly in the /etc/syslog-ng/syslog-ng.conf file.

AIX syslog

To enable syslogging on an AIX box and to forward all information to a particular syslog server edit the /etc/syslog.conf file and restart the syslog daemon: 
vi /etc/syslog.conf:

In this file you configure the logging in this format: 

facility.priority destination
<facility> is:
       * - all (except mark)
       mark - time marks
       kern,user,mail,daemon, auth,... (see syslogd(AIX Commands Reference))

<priority> is one of (from high to low):
       emerg/panic,alert,crit,err(or),warn(ing),notice,info,debug
       (meaning all messages of this priority or higher)

<destination> is:
       /filename - log to this file
       username[,username2...] - write to user(s)
       @hostname - send to syslogd on this machine
       * - send to all logged in users

Example:

#user.info               /var/adm/log.log   rotate size 10m files 2 compress
#user.debug              /var/adm/log.dbg   rotate size 20m files 8 compress

Because I want to send all messages to a syslogd server, this is the line I need:

*.debug @syslogsrv.company.local
bash-3.2# refresh -s syslogd
0513-095 The request for subsystem refresh was completed successfully.
, ,