Configuring a Syslogd Server

Because syslogd was originally a UNIX concept, the features available in the syslogd
products on non-UNIX systems depend on the vendor implementation. Features might
include dividing incoming messages by facility or debug level or both, resolving the names of
the sending devices, and reporting facilities. For information on configuring the non-UNIX
syslog server, refer to the vendor’s documentation.
To configure syslog on UNIX, follow these steps:
Step 1 On SunOS, AIX, HPUX, or Solaris, as root, make a backup of the
/etc/syslog.conf file before modifying it.
Step 2 Modify /etc/syslog.conf to tell the UNIX system how to sort out the
syslog messages coming in from the sending devices—that is, which
logging-facility.level goes in which file. Make sure there is a tab between
the logging-facility.level and file-name.
Step 3 Make sure the destination file exists and is writable.
Step 4 The #Comment section at the beginning of syslog.conf usually explains
the syntax for the UNIX system.
Step 5 Do not put file information in the ifdef section.
Step 6 As root, restart syslogd to pick up changes.
For example, if /etc/syslog.conf is set for
local7.warn /var/log/local7.warn
warning, error, critical, alert, and emergency messages coming in on the local7 logging
facility are logged in the local7.warn file. Notification, informational, and debug messages
coming in on the local7 facility are not logged anywhere.
NOTE Configuring the syslog server is not covered on the PIX CSPFA 642-522 exam.
If /etc/syslog.conf is set for
*.debug /var/log/all.debug
all message levels from all logging facilities go to this file.
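
The following added example (not from the original text) checks a syslog.conf for the tab rule in Step 2 and reports which files receive a message of a given facility and level, so that silently dropped levels such as local7 notifications show up before syslogd is restarted. The function names and the sample configuration are constructed for illustration; accepting aliases such as warn and error is an assumption about the local syslogd, and m4 ifdef blocks are not handled.

```python
# Severity keywords; a lower number is more severe.
LEVELS = {"emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
          "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7}

# Constructed sample: the third rule uses a space instead of a tab.
SAMPLE = ("# constructed sample\n"
          "local7.warn\t/var/log/local7.warn\n"
          "*.debug\t/var/log/all.debug\n"
          "local6.info /var/log/local6.info\n")

def parse_conf(text):
    """Return (rules, problems); each rule is ([(facilities, level)], file)."""
    rules, problems = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if "\t" not in line:
            problems.append((n, "selector and file not separated by a tab"))
            continue
        selector, action = line.split("\t", 1)
        pairs = []
        for sel in selector.strip().split(";"):
            facs, _, level = sel.rpartition(".")
            if not facs or (level not in LEVELS and level != "none"):
                problems.append((n, "bad selector %r" % sel))
                pairs = []
                break
            pairs.append((facs.split(","), level))
        if pairs:
            rules.append((pairs, action.strip()))
    return rules, problems

def destinations(rules, facility, level):
    """Files that log a message with this facility and level."""
    out = []
    for pairs, action in rules:
        hit = False
        for facs, threshold in pairs:
            if "*" in facs or facility in facs:
                # A later selector on the same line overrides an earlier one.
                hit = threshold != "none" and LEVELS[level] <= LEVELS[threshold]
        if hit:
            out.append(action)
    return out
```

An empty list from destinations() means the message is not logged anywhere, which is the local7 notification case described above when local7.warn is the only rule.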