Customizing System Message Logging

Language:

You can capture additional error messages that are generated by various system processes by modifying the /etc/syslog.conf file. By default, the /etc/syslog.conf file directs many system process messages to the /var/adm/messages files, which also contain crash and boot messages. To view /var/adm messages, see Viewing System Messages and Logging.

The /etc/syslog.conf file contains two columns separated by tabs:

facility.level ... action

facility.level

A facility is a system source of the message or condition. May be a comma-separated list of facilities. A level indicates the severity or priority of the condition being logged.

Do not put two entries for the same facility on the same line if the entries are for different priorities. Putting a priority in the syslog file indicates that all messages of at least that priority are logged, with the last message taking precedence. For a given facility and level, syslogd matches all messages for that level and all higher levels.

action

Indicates where the messages are forwarded.

The following example shows sample lines from a default /etc/syslog.conf file.

user.err                                        /dev/sysmsg
user.err                                        /var/adm/messages
user.alert                                      `root, operator'
user.emerg                                      *

These entries cause the following user messages to be logged automatically:

User errors are printed to the console and also are logged to the /var/adm/messages file.
User messages requiring immediate action (alert) are sent to the root and operator users.
User emergency messages are sent to individual users.

Note - Placing entries on separate lines might cause messages to be logged out of order if a log target is specified more than once in the /etc/syslog.conf file. Note that you can specify multiple selectors in a single line entry, each separated by a semicolon.

The most common error condition sources are:

kern: The kernel
auth: Authentication
daemon: All daemons
mail: Mail system
lp: Spooling system
user: User processes

Note - The number of syslog facilities that can be activated in the /etc/syslog.conf file is unlimited.

The most common priority levels for syslog.conf messages, in priority order, are:

emerg: System emergencies
alert: Errors requiring immediate correction
crit: Critical errors
err: Other errors
info: Informational messages
debug: Output used for debugging
none: This setting doesn't log output

How to Customize System Message Logging

Assume the root role or a role that has the solaris.admin.edit/etc/syslog.conf authorization assigned to it.
See Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
Use the pfedit command and edit the /etc/syslog.conf file.
You can add or change message sources, priorities, and message locations. For more information, see the syslog.conf(4).
```
$ pfedit /etc/syslog.conf
```
Save the changes.

Example 7 Customizing System Message Logging

This example shows a entry for a /etc/syslog.conf user.emerg facility that sends user emergency messages to root and individual users.

user.emerg                                      `root, *'