Example Configuring an Oracle Solaris Receiver (CLI)

Most operating systems include a syslog receiver, but some configuration steps may be required to turn it on. Consult the documentation for your operating system or management software for specific details of syslog receiver configuration.

Oracle Solaris includes a bundled syslogd that can act as a syslog receiver, but the remote receive capability is disabled by default. To enable Oracle Solaris to receive syslog traffic, use svccfg and svcadm to modify the syslog settings as follows:

# svccfg -s system/system-log setprop config/log_from_remote = true
# svcadm restart system/system-log

The Oracle Solaris syslogd only understands the classic Syslog protocol. Refer to the Oracle Solaris syslog.conf(4) man page for information on how to configure filtering and logging of the received messages.

By default, Oracle Solaris syslogd records messages to /var/adm/messages, and a test alert would be recorded as follows:

Aug 14 21:34:22 poptart.example.us.com poptart ak: SUNW-MSG-ID: AK-8000-LM, \
TYPE: alert, VER: 1, SEVERITY: Minor\nEVENT-TIME: Wed Aug 14 21:34:22 2019\n\
PLATFORM: i86pc, CSN: 12345678, HOSTNAME: poptart\n\
SOURCE: jsui.359, REV: 1.0\n\
EVENT-ID: 92dfeb39-6e15-e2d5-a7d9-dc3e221becea\n\
DESC: A test alert has been posted.\n\
AUTO-RESPONSE: None.\nIMPACT: None.\nREC-ACTION: None.
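
To consume these records on the receiver, the alert fields can be split back out of the single logged line. The following is an added example, not part of the original documentation. It assumes the trailing "\" in the listing above is a display continuation, that the literal "\n" sequences separate fields, and that alerts carry the "ak:" tag shown; the function and variable names are hypothetical.

```python
import re
import uuid

# Constructed sample: the test alert above joined into one line, as assumed
# to appear in /var/adm/messages (raw strings keep "\n" as two characters).
SAMPLE = (
    r"Aug 14 21:34:22 poptart.example.us.com poptart ak: SUNW-MSG-ID: AK-8000-LM, "
    r"TYPE: alert, VER: 1, SEVERITY: Minor\nEVENT-TIME: Wed Aug 14 21:34:22 2019\n"
    r"PLATFORM: i86pc, CSN: 12345678, HOSTNAME: poptart\n"
    r"SOURCE: jsui.359, REV: 1.0\n"
    r"EVENT-ID: 92dfeb39-6e15-e2d5-a7d9-dc3e221becea\n"
    r"DESC: A test alert has been posted.\n"
    r"AUTO-RESPONSE: None.\nIMPACT: None.\nREC-ACTION: None."
)

# Syslog timestamp, sending host, then the "ak:" tag followed by the first field.
HEADER = re.compile(
    r"^(?P<logged>\w{3} +\d+ [\d:]{8}) (?P<sender>\S+) .*?\bak: "
    r"(?P<body>SUNW-MSG-ID: .*)$"
)
PAIR = re.compile(r"^([A-Z][A-Z0-9-]*): (.*)$")  # upper-case KEY: value


def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not a valid alert."""
    m = HEADER.match(line.rstrip("\n"))
    if not m:
        return None
    fields = {"logged": m["logged"], "sender": m["sender"]}
    for segment in m["body"].split("\\n"):
        pairs = [PAIR.match(piece) for piece in segment.split(", ")]
        if not all(pairs):
            # Free text containing ", " (for example DESC): keep it whole.
            pairs = [PAIR.match(segment)]
        for p in pairs:
            if p:
                # First occurrence wins, so text later in the message
                # cannot overwrite a field that was already parsed.
                fields.setdefault(p[1], p[2])
    try:
        uuid.UUID(fields.get("EVENT-ID", ""))  # reject malformed event ids
    except ValueError:
        return None
    return fields
```

Lines that do not match the alert layout, or whose EVENT-ID is not a well-formed UUID, return None and can be skipped or flagged by the caller.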