Solaris 10 Syslog

syslog

Key:

Facility.Level Action

Facilities
- kern
- daemon
- user
- mail
- auth
- syslog
- cron
- lpr
- news
- uucp
- mark (timestamp entries that syslogd writes at regular intervals)
- * (all facilities except mark)

Level     Priority
-------   --------
emerg     0
alert     1
crit      2
err       3
warning   4
notice    5
info      6
debug     7
none      8



Action

- /dev/sysmsg        console
- /var/adm/messages  message file
- /file              write into the target file
- root               send to user root
- @host1             forward to syslogd on a remote host
- operator           send to user operator if that user is logged in
- *                  send to all users currently logged in


/etc/syslog.conf ;parsed by m4 before syslogd reads it

Facility.Level Action
-------------------------------------------------
kern.crit /dev/sysmsg ;/dev/sysmsg is the console
kern.crit;daemon.notice /var/adm/messages ;two selectors, separated by ";"
kern,daemon.crit root ;two facilities sharing one level, separated by ","
*.crit @host1

Meaning: messages from Facility at Level or any more severe level (lower
priority number) receive the Action.

sample /etc/syslog.conf file
----------------------------------------------------
#if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)

mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)

#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err /dev/sysmsg
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *
)
-----------------------------------------------------

Special Note:

mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)

m4 syntax:
If the m4 symbol LOGHOST is defined (true), the line expands to:
mail.debug /var/log/syslog ;log to the local /var/log/syslog

Otherwise (LOGHOST is not defined, i.e. false), the line expands to:

mail.debug @loghost ;forward to the host named loghost
-----------------------------------------------------

NOTE:
loghost is defined in /etc/hosts. When the server boots, syslogd uses /etc/hosts
to resolve loghost.

/usr/ccs/bin/m4 -D LOGHOST ;defines the m4 symbol LOGHOST as TRUE, so ifdef takes its first branch
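Worked example, added to these notes (it is not from the original page): a small Python script that applies the two rules described above, the ifdef(`LOGHOST', ...) expansion and the "Level and above" selector matching, to a configuration built from the example lines and the sample file. The ifdef handling is a simplified stand-in for m4 that covers only the two shapes used in the sample file, and the embedded configuration is constructed here. One caveat the script hides: real Solaris syslogd requires a tab, not spaces, between the selector field and the action; the parser below accepts either.

```python
import re

# Solaris syslog levels in priority order (index 0 = most severe).  "none" is a
# selector keyword ("no messages from this facility"), not a real level.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample: the example lines and the ifdef block from the notes above,
# with a TAB between selector and action as Solaris syslogd requires.
SAMPLE_CONF = """\
# example selector lines
kern.crit\t/dev/sysmsg
kern.crit;daemon.notice\t/var/adm/messages
kern,daemon.crit\troot
*.crit\t@host1
# m4 conditionals from the sample /etc/syslog.conf
mail.debug\tifdef(`LOGHOST', /var/log/syslog, @loghost)
ifdef(`LOGHOST', ,
user.err\t/dev/sysmsg
user.err\t/var/adm/messages
user.alert\t`root, operator'
user.emerg\t*
)
"""


def expand_ifdef(conf_text, loghost_defined):
    """Stand-in for `m4 -D LOGHOST` / plain `m4`: expands ifdef(`LOGHOST', then, else)
    in the two shapes used above (one-line, and multi-line with an empty then-branch).
    Comment lines are dropped first; syslogd ignores them anyway."""
    body = "\n".join(l for l in conf_text.splitlines() if not l.lstrip().startswith("#"))
    pat = re.compile(r"ifdef\(`LOGHOST',(.*?),(.*?)\)", re.S)
    body = pat.sub(lambda m: m.group(1) if loghost_defined else m.group(2), body)
    # m4 strips one level of `...' quoting: `root, operator' -> root, operator
    return body.replace("`", "").replace("'", "")


def parse_conf(conf_text):
    """Return [(selectors, action)], selectors being [(facility, level)].
    The selector field splits on ';', each facility list on ','."""
    rules = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, action = line.split(None, 1)
        selectors = []
        for sel in selector_field.split(";"):
            facilities, level = sel.rsplit(".", 1)
            selectors.extend((fac, level) for fac in facilities.split(","))
        rules.append((selectors, action.strip()))
    return rules


def actions_for(rules, facility, level):
    """Actions that receive a (facility, level) message.  A selector matches its
    level and everything more severe; '*' is every facility except mark; within
    one rule the last selector naming a facility wins, so '*.info;mail.none'
    routes everything at info or above except mail."""
    prio = LEVELS.index(level)
    matched = []
    for selectors, action in rules:
        threshold = None
        for fac, lvl in selectors:
            if fac == facility or (fac == "*" and facility != "mark"):
                threshold = lvl
        if threshold not in (None, "none") and prio <= LEVELS.index(threshold):
            matched.append(action)
    return matched


def resolve(conf_text, loghost_defined, facility, level):
    """Full pipeline: m4 expansion -> parse -> which actions fire."""
    return actions_for(parse_conf(expand_ifdef(conf_text, loghost_defined)), facility, level)


if __name__ == "__main__":
    for defined in (True, False):
        print(f"LOGHOST defined: {defined}")
        for fac, lvl in [("mail", "info"), ("daemon", "notice"), ("user", "alert"), ("mark", "info")]:
            print(f"  {fac}.{lvl:<7} -> {resolve(SAMPLE_CONF, defined, fac, lvl)}")
```

Running it shows the two sides of the ifdef: with LOGHOST defined, mail.info goes to /var/log/syslog and the user.* lines vanish, so a user.alert reaches only @host1 via *.crit; without it, mail.info goes to @loghost and a user.alert fans out to the console, /var/adm/messages, root and operator as well. A mark message never matches *.crit.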



Enabling TCP tracing using syslog

The inetd daemon can use syslog to record incoming network connection
requests made over TCP.

inetd listens for service requests on the TCP and UDP ports associated with
each of the services listed in the inetd configuration file. You can configure
inetd to log each TCP connection through the syslogd daemon.

#inetadm -p
NAME=VALUE
bind_addr=""
bind_fail_max=-1
bind_fail_interval=-1
max_con_rate=-1
max_copies=-1
con_rate_offline=-1
failrate_cnt=40
failrate_interval=60
inherit_env=TRUE
tcp_trace=FALSE
tcp_wrappers=FALSE


Turn on tracing as the inetd-wide default (applies to every service)

#inetadm -M tcp_trace=TRUE
#inetadm -p
NAME=VALUE
bind_addr=""
bind_fail_max=-1
bind_fail_interval=-1
max_con_rate=-1
max_copies=-1
con_rate_offline=-1
failrate_cnt=40
failrate_interval=60
inherit_env=TRUE
tcp_trace=TRUE
tcp_wrappers=FALSE


You can enable the trace option for each inetd-managed service to send
messages to the syslogd daemon. Use the inetadm command to modify the
settings of the service to enable TCP tracing.

#inetadm -m telnet tcp_trace=TRUE
#inetadm -l telnet
SCOPE NAME=VALUE
name="telnet"
endpoint_type="stream"
proto="tcp6"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.telnetd"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
tcp_trace=TRUE
default tcp_wrappers=FALSE
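Added example (not part of the original notes): once tcp_trace is on, inetd writes one record per accepted connection through syslog at daemon.notice, so a syslog.conf line that routes daemon.notice somewhere (the example `kern.crit;daemon.notice /var/adm/messages` above does) is what makes the trace visible. The Python script below parses such records out of constructed /var/adm/messages lines and flags a source host that opens many connections to one service within a short window. The sample lines, including the message-ID numbers and addresses, are made up for this example, as is the burst threshold.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the shape of Solaris 10 inetd tcp_trace records as they
# land in /var/adm/messages; hosts, PIDs and message IDs are made up.  The last
# line is an unrelated sshd record to show that non-trace lines are skipped.
SAMPLE_MESSAGES = """\
Mar  3 10:15:02 sol10 inetd[103]: [ID 317013 daemon.notice] telnet[2231] from 10.1.1.20 49152
Mar  3 10:15:09 sol10 inetd[103]: [ID 317013 daemon.notice] ftp[2235] from 10.1.1.20 49153
Mar  3 10:15:10 sol10 inetd[103]: [ID 317013 daemon.notice] telnet[2236] from 10.1.1.20 49154
Mar  3 10:15:11 sol10 inetd[103]: [ID 317013 daemon.notice] telnet[2237] from 10.1.1.20 49155
Mar  3 10:15:30 sol10 inetd[103]: [ID 317013 daemon.notice] telnet[2240] from 10.1.1.20 49156
Mar  3 10:16:00 sol10 inetd[103]: [ID 317013 daemon.notice] telnet[2241] from 10.1.1.20 49157
Mar  3 10:20:45 sol10 inetd[103]: [ID 317013 daemon.notice] telnet[2301] from 192.168.5.7 51000
Mar  3 10:21:00 sol10 sshd[2310]: [ID 800047 auth.info] Accepted publickey for admin from 192.168.5.7 port 51001 ssh2
"""

# "<timestamp> <host> inetd[pid]: [ID n daemon.notice] <service>[pid] from <src> <port>"
TRACE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ inetd\[\d+\]: "
    r"\[ID \d+ daemon\.notice\] (?P<svc>\S+)\[\d+\] from (?P<src>\S+) (?P<port>\d+)$"
)


def parse_trace(text, year=2024):
    """Return [(timestamp, service, source_ip, source_port)] for every inetd
    trace record; syslog timestamps carry no year, so one is supplied."""
    events = []
    for line in text.splitlines():
        m = TRACE_RE.match(line)
        if not m:
            continue  # not an inetd tcp_trace line
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group("svc"), m.group("src"), int(m.group("port"))))
    return events


def connections_by_source(events, service=None):
    """Count connections per (source_ip, service); service=None keeps all."""
    counts = Counter()
    for _, svc, src, _ in events:
        if service is None or svc == service:
            counts[(src, svc)] += 1
    return counts


def burst_sources(events, service, threshold, window_seconds):
    """Sources that opened >= threshold connections to `service` inside any
    window_seconds-long window.  Returns {source_ip: peak count in a window}."""
    per_src = {}
    for ts, svc, src, _ in sorted(events):
        if svc == service:
            per_src.setdefault(src, []).append(ts)
    flagged = {}
    for src, times in per_src.items():
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = max(flagged.get(src, 0), end - start + 1)
    return flagged


if __name__ == "__main__":
    ev = parse_trace(SAMPLE_MESSAGES)
    for (src, svc), n in sorted(connections_by_source(ev).items()):
        print(f"{src:<15} {svc:<8} {n}")
    print("telnet bursts (>=3 in 60s):", burst_sources(ev, "telnet", 3, 60))
```

Reading the output: 10.1.1.20 opened five telnet sessions inside a minute and is the only source flagged; the single ftp connection and the lone telnet from 192.168.5.7 stay below the threshold. The same parser works on a real /var/adm/messages once the trace is routed there, with the year adjusted to the file's.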