|Skip Navigation Links|
|Exit Print View|
|Oracle Solaris Administration: Common Tasks Oracle Solaris 11 Information Library|
The following sections describe system messaging features in Oracle Solaris.
System messages display on the console device. The text of most system messages look like this:
[ID msgid facility.priority]
[ID 672855 kern.notice] syncing file systems...
If the message originated in the kernel, the kernel module name is displayed. For example:
Oct 1 14:07:24 mars ufs: [ID 845546 kern.notice] alloc: /: file system full
panic: error message
Watchdog reset !
The error logging daemon, syslogd, automatically records various system warnings and errors in message files. By default, many of these system messages are displayed on the system console and are stored in the /var/adm directory. You can direct where these messages are stored by setting up system message logging. For more information, see Customizing System Message Logging. These messages can alert you to system problems, such as a device that is about to fail.
The /var/adm directory contains several message files. The most recent messages are in /var/adm/messages file (and in messages.*), and the oldest are in the messages.3 file. After a period of time (usually every ten days), a new messages file is created. The messages.0 file is renamed messages.1, messages.1 is renamed messages.2, and messages.2 is renamed messages.3. The current /var/adm/messages.3 file is deleted.
Because the /var/adm directory stores large files containing messages, crash dumps, and other data, this directory can consume lots of disk space. To keep the /var/adm directory from growing too large, and to ensure that future crash dumps can be saved, you should remove unneeded files periodically. You can automate this task by using the crontab file. For more information about automating this task, see How to Delete Crash Dump Files and Chapter 14, Scheduling System Tasks (Tasks).
Or, use the more command to display one screen of messages at a time.
$ more /var/adm/messages
Example 19-1 Viewing System Messages
$ dmesg Mon Sep 13 14:33:04 MDT 2010 Sep 13 11:06:16 sr1-ubrm-41 svc.startd: [ID 122153 daemon.warning] ... Sep 13 11:12:55 sr1-ubrm-41 last message repeated 398 times Sep 13 11:12:56 sr1-ubrm-41 svc.startd: [ID 122153 daemon.warning] ... Sep 13 11:15:16 sr1-ubrm-41 last message repeated 139 times Sep 13 11:15:16 sr1-ubrm-41 xscreensaver: ,,, Sep 13 11:15:16 sr1-ubrm-41 xscreensaver: ... Sep 13 11:15:17 sr1-ubrm-41 svc.startd: [ID 122153 daemon.warning]... . . .
For more information, see the dmesg(1M) man page.
System log files are rotated by the logadm command from an entry in the root crontab file. The /usr/lib/newsyslog script is no longer used.
The system log rotation is defined in the /etc/logadm.conf file. This file includes log rotation entries for processes such as syslogd. For example, one entry in the /etc/logadm.conf file specifies that the /var/log/syslog file is rotated weekly unless the file is empty. The most recent syslog file becomes syslog.0, the next most recent becomes syslog.1, and so on. Eight previous syslog log files are kept.
The /etc/logadm.conf file also contains time stamps of when the last log rotation occurred.
You can use the logadm command to customize system logging and to add additional logging in the /etc/logadm.conf file as needed.
For example, to rotate the Apache access and error logs, use the following commands:
# logadm -w /var/apache/logs/access_log -s 100m # logadm -w /var/apache/logs/error_log -s 10m
In this example, the Apache access_log file is rotated when it reaches 100 MB in size, with a .0, .1, (and so on) suffix, keeping 10 copies of the old access_log file. The error_log is rotated when it reaches 10 MB in size with the same suffixes and number of copies as the access_log file.
The /etc/logadm.conf entries for the preceding Apache log rotation examples look similar to the following:
# cat /etc/logadm.conf . . . /var/apache/logs/error_log -s 10m /var/apache/logs/access_log -s 100m
For more information, see logadm(1M).
You can use the logadm command as superuser or by assuming an equivalent role (with Log Management rights). With RBAC, you can grant non-root users the privilege of maintaining log files by providing access to the logadm command.
For example, add the following entry to the /etc/user_attr file to grant user andy the ability to use the logadm command:
You can capture additional error messages that are generated by various system processes by modifying the /etc/syslog.conf file. By default, the /etc/syslog.conf file directs many system process messages to the /var/adm/messages files. Crash and boot messages are stored here as well. To view /var/adm messages, see How to View System Messages.
The /etc/syslog.conf file has two columns separated by tabs:
facility.level ... action
A facility or system source of the message or condition. May be a comma-separated listed of facilities. Facility values are listed in Table 19-2. A level, indicates the severity or priority of the condition being logged. Priority levels are listed in Table 19-3.
Do not put two entries for the same facility on the same line, if the entries are for different priorities. Putting a priority in the syslog file indicates that all messages of that all messages of that priority or higher are logged, with the last message taking precedence. For a given facility and level, syslogd matches all messages for that level and all higher levels.
The action field indicates where the messages are forwarded.
user.err /dev/sysmsg user.err /var/adm/messages user.alert `root, operator' user.emerg *
This means the following user messages are automatically logged:
User errors are printed to the console and also are logged to the /var/adm/messages file.
User messages requiring immediate action (alert) are sent to the root and operator users.
User emergency messages are sent to individual users.
Note - Placing entries on separate lines might cause messages to be logged out of order if a log target is specified more than once in the /etc/syslog.conf file. Note that you can specify multiple selectors in a single line entry, each separated by a semicolon.
The most common error condition sources are shown in the following table. The most common priorities are shown in Table 19-3 in order of severity.
Table 19-2 Source Facilities for syslog.conf Messages
Table 19-3 Priority Levels for syslog.conf Messages
Example 19-2 Customizing System Message Logging
This sample /etc/syslog.conf user.emerg facility sends user emergency messages to the root user and individual users.
user.emerg `root, *'
The following new console features improve your ability to troubleshoot remote systems:
The consadm command enables you to select a serial device as an auxiliary (or remote) console. Using the consadm command, a system administrator can configure one or more serial ports to display redirected console messages and to host sulogin sessions when the system transitions between run levels. This feature enables you to dial in to a serial port with a modem to monitor console messages and participate in init state transitions. (For more information, see sulogin(1M) and the step-by-step procedures that follow.)
While you can log in to a system using a port configured as an auxiliary console, it is primarily an output device displaying information that is also displayed on the default console. If boot scripts or other applications read and write to and from the default console, the write output displays on all the auxiliary consoles, but the input is only read from the default console. (For more information about using the consadm command during an interactive login session, see Using the consadm Command During an Interactive Login Session.)
Console output now consists of kernel and syslog messages written to a new pseudo device, /dev/sysmsg. In addition, rc script startup messages are written to /dev/msglog. Previously, all of these messages were written to /dev/console.
Scripts that direct console output to /dev/console need to be changed to /dev/msglog if you want to see script messages displayed on the auxiliary consoles. Programs referencing /dev/console should be explicitly modified to use syslog() or strlog() if you want messages to be redirected to an auxiliary device.
The consadm command runs a daemon to monitor auxiliary console devices. Any display device designated as an auxiliary console that disconnects, hangs up or loses carrier, is removed from the auxiliary console device list and is no longer active. Enabling one or more auxiliary consoles does not disable message display on the default console; messages continue to display on /dev/console.
Keep the following in mind when using auxiliary console messaging during run level transitions:
Input cannot come from an auxiliary console if user input is expected for an rc script that is run when a system is booting. The input must come from the default console.
The sulogin program, invoked by init to prompt for the superuser password when transitioning between run levels, has been modified to send the superuser password prompt to each auxiliary device in addition to the default console device.
When the system is in single-user mode and one or more auxiliary consoles are enabled using the consadm command, a console login session runs on the first device to supply the correct superuser password to the sulogin prompt. When the correct password is received from a console device, sulogin disables input from all other console devices.
A message is displayed on the default console and the other auxiliary consoles when one of the consoles assumes single-user privileges. This message indicates which device has become the console by accepting a correct superuser password. If there is a loss of carrier on the auxiliary console running the single-user shell, one of two actions might occur:
If the auxiliary console represents a system at run level 1, the system proceeds to the default run level.
If the auxiliary console represents a system at run level S, the system displays the ENTER RUN LEVEL (0-6, s or S): message on the device where the init s or shutdown command had been entered from the shell. If there isn't any carrier on that device either, you will have to reestablish carrier and enter the correct run level. The init or shutdown command will not re-display the run-level prompt.
If you are logged in to a system using a serial port, and an init or shutdown command is issued to transition to another run level, the login session is lost whether this device is the auxiliary console or not. This situation is identical to releases without auxiliary console capabilities.
Once a device is selected as an auxiliary console using the consadm command, it remains the auxiliary console until the system is rebooted or the auxiliary console is unselected. However, the consadm command includes an option to set a device as the auxiliary console across system reboots. (See the following procedure for step-by-step instructions.)
If you want to run an interactive login session by logging in to a system using a terminal that is connected to a serial port, and then using the consadm command to see the console messages from the terminal, note the following behavior:
If you use the terminal for an interactive login session while the auxiliary console is active, the console messages are sent to the /dev/sysmsg or /dev/msglog devices.
While you issue commands on the terminal, input goes to your interactive session and not to the default console (/dev/console).
If you run the init command to change run levels, the remote console software kills your interactive session and runs the sulogin program. At this point, input is accepted only from the terminal and is treated like it's coming from a console device. This allows you to enter your password to the sulogin program as described in Using Auxiliary Console Messaging During Run Level Transitions.
Then, if you enter the correct password on the (auxiliary) terminal, the auxiliary console runs an interactive sulogin session, locks out the default console and any competing auxiliary console. This means the terminal essentially functions as the system console.
From here you can change to run level 3 or go to another run level. If you change run levels, sulogin runs again on all console devices. If you exit or specify that the system should come up to run level 3, then all auxiliary consoles lose their ability to provide input. They revert to being display devices for console messages.
As the system is coming up, you must provide information to rc scripts on the default console device. After the system comes back up, the login program runs on the serial ports and you can log back into another interactive session. If you've designated the device to be an auxiliary console, you will continue to get console messages on your terminal, but all input from the terminal goes to your interactive session.
The consadm daemon does not start monitoring the port until after you add the auxiliary console with the consadm command. As a security feature, console messages are only redirected until carrier drops, or the auxiliary console device is unselected. This means carrier must be established on the port before you can successfully use the consadm command.
For more information about enabling an auxiliary console, see the consadm(1m) man page.
# consadm -a devicename
Example 19-3 Enabling an Auxiliary (Remote) Console
# consadm -a /dev/term/a # consadm /dev/term/a
# consadm -a -p devicename
This adds the device to the list of persistent auxiliary consoles.
Example 19-4 Enabling an Auxiliary (Remote) Console Across System Reboots
# consadm -a -p /dev/term/a # consadm /dev/term/a
Example 19-5 Disabling an Auxiliary (Remote) Console
# consadm -d /dev/term/a # consadm