Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition | |||
|
|
Solution Type Technical Instruction Sure Solution 1006247.1 : Sun StorEdge[TM] T3/T3+ array: Remote System Logging
PreviouslyPublishedAs 208761 Description The Sun StorEdge[TM] T3/T3+ array has been configured to send its syslog messages to a: syslog host, but the messages are being recorded in the local /etc/syslog file, and not being sent to the syslog host. Steps to Follow Remote System Logging: STEP 1: The first thing to verify, is that the syslog.conf file in the /etc directory To configure this file to send messages to a syslog host, add an entry in the form of: *.category, where category is either: information, notice, warning or error, followed by: one or more tab spaces, the @sign, and the IP address of the syslog host.
Note: The host name may be substituted for the IP address, if the name and IP Shown here, is an example of a Sun StorEdge T3/T3+ array syslog.conf file: stor-t300-b:/etc:<6>more syslog.conf # syslog.conf # facility.level action # messages to local syslog file *.notice /syslog *.info /syslog *.err /syslog # messages to syslogd on another host *.notice @129.148.196.112 # messages sent as SNMP traps # *.warn.|snmp_trap saturn In the above example, Sun StorEdge T3/T3+ array messages, of category - notice
Transfer this file to a suitable system for editing. After the syslog.conf file has been edited/verified and transferred stor-t300-b:/etc:<7>set logto * Test the Sun StorEdge T3/T3+ array logging, by running the following command: stor-t300-b:/etc:<8>logger -p local7.notice message_from_t3
Note: The message should appear in the /syslog file on the Sun StorEdge T3/T3+ array, ------------------------------------------------------------------------------- STEP 2: The system designated as the syslog host, contains its own syslog configuration A configuration entry, is composed of two TAB-separated fields: the selector and the action. The selector field contains the <facility.level> information, and the action In the case of the Sun StorEdge T3/T3+ array, the facility is one of Shown here is an example of a syslog host's syslog.conf file. syslog host /etc/syslog.conf file entry (tab separated): #ident "@(#)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */ # # Copyright (c) 1991-1998 by Sun Microsystems, Inc. # All rights reserved. # # syslog configuration file. # # This file is processed by m4 so be careful to quote (`') names # that match m4 reserved words. Also, within ifdef's, arguments # containing commas must be quoted. # *.err;kern.notice;auth.notice /dev/console *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages *.alert;kern.err;daemon.err operator *.alert root *.emerg * # if a non-loghost machine chooses to have authentication messages # sent to the loghost machine, un-comment out the following line: #auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost) mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost) local7.notice /var/adm/t300.log In the above example, the Sun StorEdge T3/T3+ array messages are being received Keep in mind, that the administrator is responsible for creating the file that touch /var/adm/t300.log A second thing to remember is, that if changes are made to the syslog.conf file, /etc/init.d/syslog stop /etc/init.d/syslog start Test the syslog host logging, by issuing the following command: #>logger -p local7.notice message_from_syslog_host This message should appear in the destination file /var/adm/t300.log as ------------------------------------------------------------------------------- STEP 3: On startup, the syslogd daemon reads a second file, which contains default #>: snoop stor-t300-b Using device /dev/eri (promiscuous mode) thetee -> stor-t300-b TELNET C port=39288 stor-t300-b -> thetee TELNET R port=39288 thetee -> stor-t300-b TELNET C port=39288 stor-t300-b -> thetee TELNET R port=39288 stor-t300-b:/:<3> thetee -> stor-t300-b TELNET C port=39288 stor-t300-b -> thetee SYSLOG R port=514 <189>Aug 02 06:10:14 thetee -> stor-t300-b ICMP Destination unreachable (UDP port 514 unreachable) stor-t300-b -> thetee SYSLOG R port=514 <189>Aug 02 06:10:14 thetee -> stor-t300-b ICMP Destination unreachable (UDP port 514 unreachable) Reviewing the /etc/default/syslogd file on the syslog host, we see that this #ident "@(#)syslogd.dfl 1.1 01/11/01 SMI" # # Copyright (c) 2001 by Sun Microsystems, Inc. # All rights reserved. # # /etc/default/syslogd # # syslogd default settings processed via syslogd(1M). # # LOG_FROM_REMOTE affects the logging of remote messages, see syslogd(1M) # for details. The default value is "YES". A value of "NO" (any case) # results in disabling of remote logging; any other value is ignored. # # Copy and uncomment the following default lines to change the values. # #LOG_FROM_REMOTE=YES LOG_FROM_REMOTE=NO Edit this file, and change the value of LOG_FROM_REMOTE from NO to YES, After making the changes to the /etc/default/syslogd file, and restarting stor-t300-b:/etc:<9>logger -p local7.notice second_message_from_t3 This time, the snoop shows a successful transfer of the message to the #>: snoop stor-t300-b Using device /dev/eri (promiscuous mode) thetee -> stor-t300-b TELNET C port=39288 stor-t300-b -> thetee TELNET R port=39288 thetee -> stor-t300-b TELNET C port=39288 stor-t300-b -> thetee TELNET R port=39288 stor-t300-b:/:<2> thetee -> stor-t300-b TELNET C port=39288 stor-t300-b -> thetee SYSLOG R port=514 <189>Aug 02 06:13:57 stor-t300-b -> thetee SYSLOG R port=514 <189>Aug 02 06:13:57 This message should appear in the /etc/syslog file, as well as the ------------------------------------------------------------------------------- **** NOTE****** Check that the startup script /etc/init.d/syslog is not running syslog -t , as Product Sun StorageTek T3 Array Sun StorageTek T3+ Array Internal Comments This document contains normalized content and is managed by the the Domain Lead(s) of the respective domains.
To notify content owners of a knowledge gap contained in this document, and/or prior to updating this document, please contact the domain engineers that are managing this document via the “Document Feedback” alias(es) listed below:
wayne.taranto@sun.com remote, syslog, configuration, loghost, log, audited Previously Published As 77608 Change History Date: 2007-07-18 User Name: 7058 Action: Approved Comment: Updates OK to publish. Version: 13 Date: 2007-07-18 User Name: 7058 Action: Accept Comment: Version: 0 Date: 2007-07-18 User Name: 109562 Action: Approved Comment: Ok Version: 0 Attachments This solution has no attachment |
||||||||||||
|