You can capture additional error messages that are generated by various system processes by modifying the /etc/syslog.conf file. By default, the /etc/syslog.conf file directs many system process messages to the /var/adm/messages files. Crash and boot messages are stored here as well. To view /var/adm messages, see How to View System Messages.
The /etc/syslog.conf file has two columns separated by tabs:
facility.level ... action
A facility or system source of the message or condition. May be a comma-separated listed of facilities. Facility values are listed in Table 5–1. A level, indicates the severity or priority of the condition being logged. Priority levels are listed in Table 5–2.
Do not put two entries for the same facility on the same line, if the entries are for different priorities. Putting a priority in the syslog file indicates that all messages of that all messages of that at least that priority are logged, with the last message taking precedence. For a given facility and level, syslogd matches all messages for that level and all higher levels.
The action field indicates where the messages are forwarded.
The following example shows sample lines from a default /etc/syslog.conf file.
user.err /dev/sysmsg user.err /var/adm/messages user.alert `root, operator' user.emerg *
This means the following user messages are automatically logged:
User errors are printed to the console and also are logged to the /var/adm/messages file.
User messages requiring immediate action (alert) are sent to the root and operator users.
User emergency messages are sent to individual users.
The most common error condition sources are shown in the following table. The most common priorities are shown in Table 5–2 in order of severity.
|
|
See Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .
$ pfedit /etc/syslog.conf
This sample /etc/syslog.conf user.emerg facility sends user emergency messages to root and individual users.
user.emerg `root, *'