AIX server log forwarding: AIX system logs

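Format of the configuration file:

The selector field defines the facility and the priority. Facility names are separated by commas, the facility and the priority are separated by a period, and multiple entries in the same selector field are separated by semicolons. An asterisk selects all facilities.

The action field identifies a destination that receives the messages. If messages are sent to a remote host, the remote system handles them as specified in its own configuration file. To display messages on a user's terminal, the destination field must contain the name of a valid user who is logged in to the system.

Facilities. The following are some of the facilities used in the /etc/syslog.conf file: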

Facility    Description
kern        Kernel
user        User level
mail        Mail subsystem
daemon      System daemons
auth        Security or authorization
syslog      syslogd daemon
lpr         Line-printer subsystem
news        News subsystem
uucp        uucp subsystem
*           All facilities

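Priority. The following are the priority levels used in the /etc/syslog.conf file; they can be used in the message priority part of the selector field. Messages at the specified priority or at any higher priority are sent.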

Priority Level    Description
emerg             Specifies emergency messages (LOG_EMERG). These messages are not distributed to all users. LOG_EMERG priority messages can be logged into a separate file for reviewing.
alert             Specifies important messages (LOG_ALERT), such as a serious hardware error. These messages are distributed to all users.
crit              Specifies critical messages not classified as errors (LOG_CRIT), such as improper login attempts. LOG_CRIT and higher-priority messages are sent to the system console.
err               Specifies messages that represent error conditions (LOG_ERR), such as an unsuccessful disk write.
warning           Specifies messages for abnormal, but recoverable, conditions (LOG_WARNING).
notice            Specifies important informational messages (LOG_NOTICE). Messages without a priority designation are mapped into this priority. These are more important than informational messages, but not warnings.
info              Specifies informational messages (LOG_INFO). These messages can be discarded but are useful in analyzing the system.
debug             Specifies debugging messages (LOG_DEBUG). These messages may be discarded.
none              Excludes the selected facility. This priority level is useful only if preceded by an entry with an * (asterisk) in the same selector field.

Destination. The following are some of the destinations used in the /etc/syslog.conf file; they can be used in the action field.

Destination          Description
File Name            Full path name of a file opened in append mode.
@Host                Host name, preceded by @ (at sign).
User[, User][...]    User names.
*                    All users.

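After modifying the syslog.conf file, the syslogd daemon must be restarted. Use the following commands:

1. Find the process ID of the syslogd daemon: ps -ef|grep syslogd

    # ps -ef | grep syslogd
    root 5426 4168 0 Nov 01 - 0:00 /usr/sbin/syslogd
    root 24938 25854 2 12:04:03 pts/6 0:00 grep syslog

2. Stop the syslogd daemon with the stopsrc command: stopsrc -s syslogd

3. Check that the syslogd daemon has stopped: ps -ef|grep syslogd

4. Restart the syslogd daemon: startsrc -s syslogd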

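Some modifications to /etc/syslog.conf:

1. Log all messages from the mail facility at priority debug or above to the /tmp/mailsyslog file:

    mail.debug /tmp/mailsyslog

Here mail is the facility, debug is the priority, and /tmp/mailsyslog is the destination.

2. Send all system messages (except those from the mail facility) to a host named rigil:

    *.debug;mail.none @rigil

Here * and mail are the facilities, debug and none are the priorities, and @rigil is the destination.

3. Display all mail facility messages on the terminals of all users:

    mail.debug *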
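As an added example (not part of the original post and not AIX syslogd code), the following Python code evaluates the selector syntax described above against the three rules from this page, which helps when checking which messages actually reach the remote host. The function names are hypothetical, and the code assumes that a later entry for the same facility replaces an earlier one.

```python
# Added example: models the selector rules described above. Not AIX syslogd code.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# The three rules from this page's examples.
PAGE_RULES = [
    "mail.debug /tmp/mailsyslog",
    "*.debug;mail.none @rigil",
    "mail.debug *",
]

def parse_rule(line):
    """Split 'selector action' into ([(facilities, priority), ...], action)."""
    selector, action = line.split(None, 1)
    entries = []
    for entry in selector.split(";"):                # semicolons separate entries
        facilities, priority = entry.rsplit(".", 1)  # period: facility.priority
        entries.append((facilities.split(","), priority))  # commas: facility list
    return entries, action.strip()

def matches(entries, facility, priority):
    """True if a message with this facility and priority is selected."""
    threshold = None  # None means the facility is not selected
    for facilities, level in entries:
        if "*" in facilities or facility in facilities:
            # Assumption: a later entry for the same facility replaces an earlier one.
            threshold = None if level == "none" else PRIORITIES.index(level)
    return threshold is not None and PRIORITIES.index(priority) >= threshold

def destination_kind(action):
    """Classify the action field using the destination table on this page."""
    if action.startswith("@"):
        return "remote host"
    if action.startswith("/"):
        return "file"
    return "all users" if action == "*" else "users"

def route(rules, facility, priority):
    """Return the actions of every rule that selects the message."""
    selected = []
    for line in rules:
        entries, action = parse_rule(line)
        if matches(entries, facility, priority):
            selected.append(action)
    return selected

if __name__ == "__main__":
    for fac, pri in [("mail", "info"), ("auth", "crit"), ("kern", "debug")]:
        for action in route(PAGE_RULES, fac, pri):
            print(f"{fac}.{pri} -> {action} ({destination_kind(action)})")
```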
