Sun Microsystems, Inc.  Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition

Asset ID: 1-71-1006247.1
Update Date:2010-11-01
Keywords:

Solution Type  Technical Instruction Sure

Solution  1006247.1 :   Sun StorEdge[TM] T3/T3+ array: Remote System Logging  


Related Items
  • Sun Storage T3 Array
  • Sun Storage T3+ Array
Related Categories
  • GCS>Sun Microsystems>Storage - Disk>Modular Disk - Other

PreviouslyPublishedAs
208761


Description
The Sun StorEdge[TM] T3/T3+ array has been configured to send its syslog messages to a
syslog host, but the messages are being recorded in the local /etc/syslog file and are
not being sent to the syslog host.



Steps to Follow
Remote System Logging:

STEP 1:

The first thing to verify is that the syslog.conf file in the /etc directory
of the Sun StorEdge T3/T3+ array is correct.

To configure this file to send messages to a syslog host, add an entry in the form of:

    *.category

where category is one of information, notice, warning or error, followed by:

  • one or more tab spaces,
  • the @ sign, and
  • the IP address of the syslog host.

Note: The host name may be substituted for the IP address, if the name and IP
combination exists in the hosts file of the Sun StorEdge T3/T3+ array.

Shown here is an example of a Sun StorEdge T3/T3+ array syslog.conf file:

stor-t300-b:/etc:<6>more syslog.conf
# syslog.conf
# facility.level action
# messages to local syslog file
*.notice	/syslog
*.info		/syslog
*.err		/syslog
# messages to syslogd on another host
*.notice	@129.148.196.112
# messages sent as SNMP traps
# *.warn.|snmp_trap saturn

In the above example, Sun StorEdge T3/T3+ array messages of category notice
and above are being delivered to the local syslog file, as well as to the syslog
host identified by the IP address 129.148.196.112.

Transfer this file to a suitable system for editing.

After the syslog.conf file has been edited/verified and transferred
back to the Sun StorEdge T3/T3+ array, run the set logto * command to
initiate logging, as shown here:

   stor-t300-b:/etc:<7>set logto *

Test the Sun StorEdge T3/T3+ array logging by running the following command:

   stor-t300-b:/etc:<8>logger -p local7.notice message_from_t3

Note: The message should appear in the /syslog file on the Sun StorEdge T3/T3+ array,
but may or may not appear in the syslog host's designated file, since the syslog
host configuration has not yet been verified.

-------------------------------------------------------------------------------

STEP 2:

The system designated as the syslog host contains its own syslog configuration
file, /etc/syslog.conf. An entry must be added to this file so that the Sun
StorEdge T3/T3+ array can send messages to this host.

A configuration entry is composed of two TAB-separated fields:

  • the selector, and
  • the action.

The selector field contains the <facility.level> information, and the action
field indicates where to forward the message.

In the case of the Sun StorEdge T3/T3+ array, the facility is one of
local0-local7. The level is one of info, notice, warn or err. The action field
is usually a file located in /var/adm, such as /var/adm/t300.messages.

Shown here is an example of a syslog host's syslog.conf file.

 syslog host /etc/syslog.conf file entry (tab separated):
#ident  "@(#)syslog.conf  1.5  98/12/14 SMI"   /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words.   Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice			/dev/console
*.err;kern.debug;daemon.notice;mail.crit	/var/adm/messages
*.alert;kern.err;daemon.err			operator
*.alert						root
*.emerg						*
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice			ifdef(`LOGHOST', /var/log/authlog, @loghost)
mail.debug			ifdef(`LOGHOST', /var/log/syslog, @loghost)
local7.notice					/var/adm/t300.log

In the above example, the Sun StorEdge T3/T3+ array messages are being received
by this syslog host under the local7 facility. All Sun StorEdge T3/T3+ array
messages, of level notice and above, will be received by this facility. These
syslog messages are being delivered to the /var/adm/t300.log file.

Keep in mind that the administrator is responsible for creating the file that
will be used to capture the Sun StorEdge T3/T3+ array messages. Run a command
like the following to create this file:

    touch /var/adm/t300.log

A second thing to remember is that if changes are made to the syslog.conf file,
the syslogd daemon must be stopped and restarted. Use the following commands:

    /etc/init.d/syslog stop
    /etc/init.d/syslog start

Test the syslog host logging by issuing the following command:

   #>logger -p local7.notice message_from_syslog_host

This message should appear in the destination file /var/adm/t300.log as
specified in the /etc/syslog.conf file. This test proves that the syslog host is
capable of receiving and logging messages of the <facility.level>, specified in
the /etc/syslog.conf file. It does not guarantee that the remote messages from
the Sun StorEdge T3/T3+ array will be logged.

-------------------------------------------------------------------------------

STEP 3:

On startup, the syslogd daemon reads a second file, which contains default
parameters for the daemon. The file is /etc/default/syslogd.
This file contains the field LOG_FROM_REMOTE. By default, this is set to YES,
which allows the syslogd daemon to receive remote messages. If this field is set
to NO, the Sun StorEdge T3/T3+ array will still try to deliver the syslog
messages to the syslog host, but will be unsuccessful. The following snoop
session shows a Sun StorEdge T3/T3+ array, trying to deliver messages to a
syslog host, but the syslog host is being reported as unreachable, thus the
messages are not logged:

#>: snoop stor-t300-b
Using device /dev/eri (promiscuous mode)
thetee -> stor-t300-b  TELNET C port=39288
stor-t300-b -> thetee       TELNET R port=39288
thetee -> stor-t300-b  TELNET C port=39288
stor-t300-b -> thetee       TELNET R port=39288 stor-t300-b:/:<3>
thetee -> stor-t300-b  TELNET C port=39288
stor-t300-b -> thetee       SYSLOG R port=514 <189>Aug 02 06:10:14
thetee -> stor-t300-b  ICMP Destination unreachable (UDP port 514 unreachable)
stor-t300-b -> thetee       SYSLOG R port=514 <189>Aug 02 06:10:14
thetee -> stor-t300-b  ICMP Destination unreachable (UDP port 514 unreachable)

Reviewing the /etc/default/syslogd file on the syslog host, we see that this
syslog host has been prevented from receiving the remote messages.

#ident	"@(#)syslogd.dfl	1.1	01/11/01 SMI"
#
# Copyright (c) 2001 by Sun Microsystems, Inc.
# All rights reserved.
#
# /etc/default/syslogd
#
# syslogd default settings processed via syslogd(1M).
#
# LOG_FROM_REMOTE affects the logging of remote messages, see syslogd(1M)
# for details.  The default value is "YES".  A value of "NO" (any case)
# results in disabling of remote logging; any other value is ignored.
#
# Copy and uncomment the following default lines to change the values.
#
#LOG_FROM_REMOTE=YES
LOG_FROM_REMOTE=NO

Edit this file, and change the value of LOG_FROM_REMOTE from NO to YES,
restart the syslog daemon as detailed above, and try another test.

After making the changes to the /etc/default/syslogd file, and restarting
the syslogd daemon, re-test the Sun StorEdge T3/T3+ array logging, by running
the following command from the Sun StorEdge T3/T3+ array:

   stor-t300-b:/etc:<9>logger -p local7.notice second_message_from_t3

This time, the snoop shows a successful transfer of the message to the
syslog host.

#>: snoop stor-t300-b
Using device /dev/eri (promiscuous mode)
thetee -> stor-t300-b  TELNET C port=39288
stor-t300-b -> thetee       TELNET R port=39288
thetee -> stor-t300-b  TELNET C port=39288
stor-t300-b -> thetee       TELNET R port=39288 stor-t300-b:/:<2>
thetee -> stor-t300-b  TELNET C port=39288
stor-t300-b -> thetee       SYSLOG R port=514 <189>Aug 02 06:13:57
stor-t300-b -> thetee       SYSLOG R port=514 <189>Aug 02 06:13:57

This message should appear in the /etc/syslog file, as well as the
/var/adm/t300.log file, as specified in the /etc/syslog.conf file.

-------------------------------------------------------------------------------

**** NOTE ****

Check that the startup script /etc/init.d/syslog is not running syslogd -t, as
this will also prevent the loghost from receiving messages from the Sun StorEdge
T3/T3+ array, even if /etc/default/syslogd has LOG_FROM_REMOTE=YES.
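
The loghost-side checks from Steps 2 and 3 and the note above, collected into one POSIX shell script as an added example (not part of the original Sun document). The function names and the sample files are constructed for illustration; the script also decodes the <189> priority value seen in the snoop traces, which is facility 23 (local7) times 8 plus severity 5 (notice).

```shell
#!/bin/sh
# Added example: function names and sample files are constructed.

# Decode a syslog PRI value (the <189> in the snoop traces) into
# facility.level: PRI = facility * 8 + severity.
pri_decode() {
    fac=$(( $1 / 8 )); sev=$(( $1 % 8 ))
    set -- emerg alert crit err warning notice info debug
    shift "$sev"
    if [ "$fac" -ge 16 ] && [ "$fac" -le 23 ]; then
        echo "local$(( fac - 16 )).$1"
    else
        echo "facility$fac.$1"
    fi
}

# Step 3: "NO" (any case) disables remote logging; other values are ignored.
# Returns 0 (enabled) unless an uncommented line sets NO.
remote_enabled() {
    ! grep -i '^LOG_FROM_REMOTE=NO *$' "$1" >/dev/null
}

# NOTE: syslogd started with -t also refuses remote messages.
# Returns 0 if an uncommented line of the startup script does so.
starts_with_t() {
    grep -v '^ *#' "$1" | grep 'syslogd.* -t' >/dev/null
}

# Step 2: selector and action must be TAB-separated.
# Prints the action for a selector; prints nothing if spaces were used.
action_for() {
    awk -F'\t+' -v sel="$2" '$1 == sel { print $NF }' "$1"
}

# Constructed sample files so the checks run offline.
d=$(mktemp -d)
printf '#LOG_FROM_REMOTE=YES\nLOG_FROM_REMOTE=NO\n' > "$d/syslogd.dfl"
printf 'local7.notice\t\t/var/adm/t300.log\n' > "$d/good.conf"
printf 'local7.notice    /var/adm/t300.log\n' > "$d/bad.conf"
printf '# start daemon\n/usr/sbin/syslogd -t >/dev/msglog 2>&1 &\n' > "$d/init"

echo "PRI 189 = $(pri_decode 189)"
if remote_enabled "$d/syslogd.dfl"; then
    echo "LOG_FROM_REMOTE: remote logging enabled"
else
    echo "LOG_FROM_REMOTE: remote logging DISABLED"
fi
if starts_with_t "$d/init"; then echo "init script: syslogd -t in use"; fi
echo "tab-separated entry   -> '$(action_for "$d/good.conf" local7.notice)'"
echo "space-separated entry -> '$(action_for "$d/bad.conf" local7.notice)'"
```

On a real loghost, point the functions at /etc/default/syslogd, /etc/init.d/syslog and /etc/syslog.conf instead of the sample files.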



Product
Sun StorageTek T3 Array
Sun StorageTek T3+ Array

Internal Comments
This document contains normalized content and is managed by the Domain Lead(s) of the respective domains.

To notify content owners of a knowledge gap contained in this document, and/or prior to updating this document, please contact the domain engineers that are managing this document via the “Document Feedback” alias(es) listed below:

storage-os-disk-mid-domain@sun.com


The Knowledge Work Queue for this article is KNO-STO-MIDRANGE_DISK

wayne.taranto@sun.com


remote, syslog, configuration, loghost, log, audited
Previously Published As
77608

Change History
Date: 2007-07-18
User Name: 7058
Action: Approved
Comment: Updates OK to publish.
Version: 13
Date: 2007-07-18
User Name: 7058
Action: Accept
Comment:
Version: 0
Date: 2007-07-18
User Name: 109562
Action: Approved
Comment: Ok
Version: 0

Attachments
This solution has no attachment
  Copyright © 2011 Sun Microsystems, Inc.  All rights reserved.