What is the use of syslog mechanism in Solaris

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains in detail what the syslog mechanism in Solaris is for and how it is used. The editor thinks it is very practical, so it is shared here for reference; I hope you get something out of it.

The syslog mechanism is responsible for sending and recording the messages generated by the system kernel and by tools. It consists of the syslog() call, the syslogd daemon and the configuration file /etc/syslog.conf. When the kernel or a tool generates a message, it passes it to syslogd by calling syslog(); syslogd then handles the message according to the configuration in /etc/syslog.conf, which may tell it to:

1. Record it in the system log

2. Output it to the system console

3. Forward it to specified users

4. Forward it to syslogd on another host over the network.

Through the configuration of syslog.conf, we can flexibly control the sending and saving of information.

The syslogd process is started by /etc/rc2.d/S74syslog when the system boots. If you need to start or stop syslogd manually, use:

# /etc/init.d/syslog start | stop

A configuration record in /etc/syslog.conf consists of two parts, the selector and the action, separated by a tab. The selector consists of one or more fields of the form "type.level", separated by semicolons.

The "type" in a field represents the source of the message and can be one of:

kern: messages generated by the kernel

user: messages generated by user processes. The default type for messages from programs or tools not listed here is "user"

mail: messages generated by the mail system

daemon: messages from system daemons, such as in.ftpd and telnetd

auth: messages generated during authentication by login, su, getty, etc.

syslog: messages generated internally by syslogd itself

lpr: messages from the line printer spooling system

news: messages from the USENET network news system

uucp: messages from the UUCP system

cron: messages from the cron and at tools

local0-7: reserved for local use

mark: timestamp messages generated internally by syslogd

*: all types except mark (this symbol cannot be used to represent all levels).

The "level" in a field represents the importance of the message and can be one of:

emerg: emergency; the system is in a panic state. Should usually be broadcast to all users

alert: alert; the current condition must be corrected immediately. For example, a corrupted system database

crit: critical condition. For example, a hardware failure

err: other errors

warning: warning

notice: notice; a non-error condition that should nevertheless be handled specially

info: informational messages

debug: messages produced when debugging programs

none: usually used when debugging; it indicates that messages of that type are not to be sent at any level. For example, "*.debug;mail.none" means that all messages except mail messages are sent when debugging.

The action field indicates the destination the message is sent to. It can be:

/filename: a log file, given as an absolute path; the file must already exist

@host: a remote host

user1,user2: the named users; each specified user who is logged in receives the message

*: all users; every logged-in user receives the message.

Let's look at this example from the /etc/syslog.conf file:

……

*.err;kern.debug;daemon.notice;mail.crit	/var/adm/messages

……

The "action" in this line is the /var/adm/messages file we so often care about, and the "selector" names the sources of the messages written to it:

*.err: all general error messages

kern.debug: debugging messages generated by the kernel

daemon.notice: notice messages from daemons

mail.crit: critical messages from the mail system

So now we have a general idea of where the entries in /var/adm/messages come from. Next look at the following (ignore the comment symbol "#"):

……

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice			ifdef(`LOGHOST', /var/log/authlog, @loghost)

……

This involves the loghost and the m4 macro processor under Solaris. The loghost is easy to understand: one of the SUN machines on the LAN is designated the loghost, and every machine's syslogd pours its messages into it. Which host is the loghost is defined in /etc/hosts:

……

192.168.1.11 host1 loghost

192.168.1.22 host2

……

m4 is responsible for interpreting ifdef, so I won't go into its details here (those who want to take the SA exam should look it up; there are questions on it). In short, the ifdef above means: if the local machine is the loghost, the message is written to /var/log/authlog; otherwise it is sent to the host named after the @.
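To make the selector rules and the loghost ifdef above concrete, here is an added example (not code from the article or from Solaris) that models how syslogd routes a "type.level" message under a small syslog.conf. The sample configuration is constructed and contains the /var/adm/messages line from the article; the ifdef resolution is a stand-in for the m4 pass, and the "last field naming a facility wins" rule is the BSD-derived behaviour that makes mail.crit restrict mail after *.err.

```python
import re

# Solaris syslog levels, least to most severe; a selector level means
# "this level and anything more severe".
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed sample: the article's /var/adm/messages line, a mail line, and
# the auth.notice line that syslogd feeds through m4 before parsing.
SAMPLE_CONF = (
    "*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages\n"
    "mail.debug\t/var/log/syslog\n"
    "auth.notice\tifdef(`LOGHOST', /var/log/authlog, @loghost)\n"
)


def resolve_ifdef(action, is_loghost):
    """Stand-in for the m4 step: ifdef(`LOGHOST', a, b) -> a on the loghost, else b."""
    m = re.fullmatch(r"ifdef\(`LOGHOST',\s*([^,]+),\s*([^)]+)\)", action.strip())
    if not m:
        return action.strip()
    return m.group(1).strip() if is_loghost else m.group(2).strip()


def parse_conf(text, is_loghost):
    """Return [(fields, action)], each field being a (facility, level) pair."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        selector, action = re.split(r"\t+", line, maxsplit=1)  # tab-separated
        fields = [tuple(f.strip().split(".", 1)) for f in selector.split(";")]
        rules.append((fields, resolve_ifdef(action, is_loghost)))
    return rules


def selects(fields, facility, level):
    """Within one selector the last field naming a facility sets its threshold
    ('*' covers every facility except mark; 'none' drops the facility), so
    mail.crit placed after *.err restricts mail to crit and above."""
    threshold = None
    for fac, lvl in fields:
        if fac == facility or (fac == "*" and facility != "mark"):
            threshold = lvl
    if threshold is None or threshold == "none":
        return False
    return LEVELS.index(level) >= LEVELS.index(threshold)


def route(conf, facility, level, is_loghost=True):
    """List the actions a facility.level message reaches under this conf."""
    return [a for f, a in parse_conf(conf, is_loghost) if selects(f, facility, level)]
```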

As an example, let's see how to use the syslog mechanism to record telnet logins.

Many network services, such as telnet and ftp, are provided through inetd. So first check which type and level inetd uses in its syslog calls:

# man inetd

……

-t      Instructs inetd to trace the incoming connections for all of its TCP services. It does this by logging the client's IP address and TCP port number along with the name of the service, using the syslog(3) facility. UDP services can not be traced. When tracing is enabled, inetd uses the syslog facility code ``daemon'' and ``notice'' priority level.

……

That is, if inetd is started with the -t option, it calls syslog to record the details of each TCP service connection with type daemon and level notice. So first modify inetd's startup script /etc/init.d/inetsvc: find the line that starts inetd and change it to:

/usr/sbin/inetd -s -t &

As you saw earlier, daemon.notice is already in syslog.conf with the action /var/adm/messages. If you don't want a different action, nothing in syslog.conf needs to change.

Restart syslogd:

# /etc/init.d/syslog stop

# /etc/init.d/syslog start

Restart inetd:

# /etc/init.d/inetsvc stop

# /etc/init.d/inetsvc start

Test the results. Open a window to see if there is a new message:

# tail -f /var/adm/messages

Now telnet or ftp in from another machine. The monitoring window above should show output (^C stops the monitoring):

……

Jun 18 12:08:42 host1 inetd[755]: [ID 317013 daemon.notice] ftp[759] from 192.168.1.88 1082

Jun 18 12:09:13 host1 inetd[755]: [ID 317013 daemon.notice] telnet[760] from 192.168.1.88 1083

Jun 18 12:11:22 host1 inetd[755]: [ID 317013 daemon.notice] ftp[771] from 192.168.1.88 1084
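Once the inetd trace lines land in /var/adm/messages, the next step is to read them back. The following is an added example (not from the article) that parses the daemon.notice trace format shown above and counts connections per client and service; the sample lines are constructed after the article's output and include one unrelated sendmail line to show that non-trace messages are skipped.

```python
import re
from collections import Counter

# Pattern for the inetd -t trace lines (Solaris "[ID nnnnnn facility.level]" format).
TRACE_RE = re.compile(
    r"^(?P<month>\w{3}) +(?P<day>\d+) (?P<time>[\d:]+) (?P<host>\S+) "
    r"inetd\[(?P<inetd_pid>\d+)\]: \[ID (?P<msgid>\d+) (?P<facility>\w+)\.(?P<level>\w+)\] "
    r"(?P<service>\w+)\[(?P<pid>\d+)\] from (?P<client>[\d.]+) (?P<port>\d+)$"
)

# Constructed sample, modelled on the article's /var/adm/messages output.
SAMPLE_LOG = """\
Jun 18 12:08:42 host1 inetd[755]: [ID 317013 daemon.notice] ftp[759] from 192.168.1.88 1082
Jun 18 12:09:13 host1 inetd[755]: [ID 317013 daemon.notice] telnet[760] from 192.168.1.88 1083
Jun 18 12:10:05 host1 sendmail[801]: [ID 702911 mail.info] u5I3A5k00801: from=root, size=120
Jun 18 12:11:22 host1 inetd[755]: [ID 317013 daemon.notice] ftp[771] from 192.168.1.88 1084
"""


def parse_traces(text):
    """Return one dict per inetd trace line; lines from other programs are skipped."""
    traces = []
    for line in text.splitlines():
        m = TRACE_RE.match(line)
        if m and m.group("facility") == "daemon" and m.group("level") == "notice":
            d = m.groupdict()
            d["port"] = int(d["port"])
            traces.append(d)
    return traces


def connections_by_client(text):
    """Count (client, service) pairs: a quick view of who used telnet and ftp."""
    return Counter((t["client"], t["service"]) for t in parse_traces(text))


if __name__ == "__main__":
    for (client, service), n in sorted(connections_by_client(SAMPLE_LOG).items()):
        print(f"{client:16} {service:8} {n}")
```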

This is the end of this article on "what is the use of the syslog mechanism in Solaris". I hope the content above has been of some help to you and that you have learned something from it. If you think the article is good, please share it so that more people can see it.
