Customizing System Message Logging
You can capture additional error messages that are generated by various system processes by
modifying the /etc/syslog.conf file. By default, the /etc/syslog.conf file directs many system process messages
to the /var/adm/messages files. Crash and boot messages are stored here as well.
To view /var/adm messages, see How to View System Messages.
The /etc/syslog.conf file has two columns separated by tabs:
facility.level ... action
- facility.level
A facility or system source of the message or condition. May be a comma-separated listed of facilities. Facility values are listed in Table 15-1. A level, indicates the severity or priority of the condition being logged. Priority levels are listed in Table 15-2.
Do not put two entries for the same facility on the same line, if the entries are for different priorities. Putting a priority in the syslog file indicates that all messages of that all messages of that priority or higher are logged, with the last message taking precedence. For a given facility and level, syslogd matches all messages for that level and all higher levels.
- action
The action field indicates where the messages are forwarded.
The following example shows sample lines from a default /etc/syslog.conf file.
user.err /dev/sysmsg
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *
This means the following user messages are automatically logged:
User errors are printed to the console and also are logged to the /var/adm/messages file.
User messages requiring immediate action (alert) are sent to the root and operator users.
User emergency messages are sent to individual users.
Note - Placing entries on separate lines might cause messages to be logged out of
order if a log target is specified more than once in the
/etc/syslog.conf file. Note that you can specify multiple selectors in a single line
entry, each separated by a semi-colon.
The most common error condition sources are shown in the following table. The
most common priorities are shown in Table 15-2 in order of severity.
Table 15-1 Source Facilities for syslog.conf Messages
Source |
Description |
|---|
kern |
The
kernel |
auth |
Authentication |
daemon |
All daemons |
mail |
Mail system |
lp |
Spooling system |
user |
User processes |
Note - The number of syslog facilities that can be activated in the /etc/syslog.conf file
is unlimited.
Table 15-2 Priority Levels for syslog.conf Messages
Priority |
Description |
|---|
emerg |
System emergencies |
alert |
Errors requiring immediate correction |
crit |
Critical errors |
err |
Other errors |
info |
Informational messages |
debug |
Output
used for debugging |
none |
This setting doesn't log output |
How to Customize System Message Logging
- Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
- Edit the /etc/syslog.conf file, adding or changing message sources, priorities, and message locations
according to the syntax described in syslog.conf(4).
- Exit the file, saving the changes.
Example 15-2 Customizing System Message Logging
This sample /etc/syslog.conf user.emerg facility sends user emergency messages to root and individual users.
user.emerg `root, *'
