You can capture additional error messages that are generated by various system processes by modifying the /etc/syslog.conf file. By default, the /etc/syslog.conf file directs many system process messages to the /var/adm/messages files. Crash and boot messages are stored here as well. To view /var/adm messages, see How to View System Messages.
The /etc/syslog.conf file has two columns separated by tabs:
facility.level ... action |
A facility or system source of the message or condition. May be a comma-separated listed of facilities. Facility values are listed in Table 15–1. A level, indicates the severity or priority of the condition being logged. Priority levels are listed in Table 15–2.
Do not put two entries for the same facility on the same line, if the entries are for different priorities. Putting a priority in the syslog file indicates that all messages of that all messages of that priority or higher are logged, with the last message taking precedence. For a given facility and level, syslogd matches all messages for that level and all higher levels.
The action field indicates where the messages are forwarded.
The following example shows sample lines from a default /etc/syslog.conf file.
user.err /dev/sysmsg user.err /var/adm/messages user.alert `root, operator' user.emerg * |
This means the following user messages are automatically logged:
User errors are printed to the console and also are logged to the /var/adm/messages file.
User messages requiring immediate action (alert) are sent to the root and operator users.
User emergency messages are sent to individual users.
Placing entries on separate lines might cause messages to be logged out of order if a log target is specified more than once in the /etc/syslog.conf file. Note that you can specify multiple selectors in a single line entry, each separated by a semi-colon.
The most common error condition sources are shown in the following table. The most common priorities are shown in Table 15–2 in order of severity.
Table 15–1 Source Facilities for syslog.conf Messages
Source |
Description |
---|---|
kern |
The kernel |
auth |
Authentication |
daemon |
All daemons |
|
Mail system |
lp |
Spooling system |
user |
User processes |
The number of syslog facilities that can be activated in the /etc/syslog.conf file is unlimited.
Priority |
Description |
---|---|
emerg |
System emergencies |
alert |
Errors requiring immediate correction |
crit |
Critical errors |
err |
Other errors |
info |
Informational messages |
debug |
Output used for debugging |
none |
This setting doesn't log output |
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Edit the /etc/syslog.conf file, adding or changing message sources, priorities, and message locations according to the syntax described in syslog.conf(4).
Exit the file, saving the changes.
This sample /etc/syslog.conf user.emerg facility sends user emergency messages to root and individual users.
user.emerg `root, *' |