This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C0EA7C.4171E460 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable > -----Original Message----- > Which info should be added to /etc/syslog.conf, to log all=20 > console messages to /var/adm/messages ? > Why I am asking this question : 1. To get all important messages when the system get crash. 2. To avoid applying Hyperterminal, so instead of connecting a laptop = or a PC, this facility can be used to get all console messages. SUMMARY : -The easiest thing to do is to replace all instances of /dev/console = with /var/adm/messages in syslog.conf.=20 -The unfortunate thing about logging is that sometimes you don't get messages when the system crashes, not because they went to the console = and got lost, but because the system didn't manage to generate any logs = before it died. The step to do : 1. make a backup copy of the original /etc/syslog.conf=20 2. edit /etc/syslog.conf 3. find any lines telling syslog to forward messages to /dev/console or /var/adm/messages=20 4. add the facility.level from the /dev/console line to = /var/adm/messages line=20 Example : Before : *.err;kern.notice;auth.notice<tab>/dev/console *.err;kern.debug;daemon.notice;mail.crit<tab>/var/adm/messages=20 After : *.err;kern.notice;auth.notice<tab>/dev/console =20 *.err;kern.debug;daemon.notice;mail.crit;auth.notice<tab>/var/adm/messag= es=20 Remark : a. Use <tab> between instances and its destination. VERY = IMPORTANT. ONLY USE TABS. b. *.* <tab> /var/adm/messages is "dangerous", as /var/adm/messages = will become unweildy superquick. c. Lines in syslog.conf mean "log this priority or higher" and the priorities, from lowest to highest, are: debug - info - notice - = warning - err - crit - alert - emerg *.debug is lower than *.notice,=20 so it=B4s not necessary to move kern.notice to /var/adm/messages=20 5. save the file 6. kill -HUP 'syslod PID' if running solaris 2.6 or earlier or pkill = -HUP syslogd if running 2.7 or 2.8=20 7. test it by running : logger -p auth.notice "Test to see if this went to messages and = console" Many thanks indeed to :=20 John Hallman [john.hallman@intel.com] Chaos Golubitsky [chaos@glassonion.org] Hamid Ouyachi [btihto@uis.doleta.gov] Mark Lewis [Mark.Lewis@Kinetech.net] Hindley Nick [nick.hindley@lbhf.gov.uk] > Best Regards, .slamet > siemens mobile, casablanca > slamet.fadilah@gsm-siemens.co.ma ------_=_NextPart_001_01C0EA7C.4171E460 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2650.12"> <TITLE>SUMMARY : Log of all console messages</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2 FACE=3D"Tahoma">></FONT><FONT SIZE=3D2 = FACE=3D"Tahoma"> -----Original Message-----</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma">> Which info should be added to = /etc/syslog.conf, to log all </FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma">> console messages to = /var/adm/messages ?</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma">></FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Tahoma">Why I am asking this question = :</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma">1. To get all important messages = when the system get crash.</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma">2. To avoid applying Hyperterminal, = so instead of connecting a laptop or a PC, this facility can be used to = get all console messages.</FONT></P> <P><FONT SIZE=3D2 FACE=3D"Tahoma">SUMMARY :</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma">-The easiest thing to do is to = replace all instances of /dev/console with /var/adm/messages in = syslog.conf. </FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma">-The unfortunate thing about logging = is that sometimes you don't get messages when the system crashes, not = because they went to the console and got lost, but because the system = didn't manage to generate any logs before it died.</FONT></P> <P><FONT SIZE=3D2 FACE=3D"Tahoma">The step to do :</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma">1. make a backup copy of the = original /etc/syslog.conf </FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma">2. edit /etc/syslog.conf</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma">3. find any lines telling syslog to = forward messages to /dev/console or /var/adm/messages </FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma">4. add the facility.level from the = /dev/console line to /var/adm/messages line </FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Tahoma">Example :</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma"> Before :</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma"> = *.err;kern.notice;auth.notice<tab>/dev/console</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma"> = *.err;kern.debug;daemon.notice;mail.crit<tab>/var/adm/messages = </FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma"> After :</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma"> = *.err;kern.notice;auth.notice<tab>/dev/console</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma"> = *.err;kern.debug;daemon.notice;mail.crit;<B>auth.notice</B><tab>/v= ar/adm/messages </FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma">Remark :</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma"> a. Use = <tab> between instances and its destination. VERY = IMPORTANT. ONLY USE TABS.</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma"> b. *.* = <tab> /var/adm/messages is "dangerous", as = /var/adm/messages will become unweildy superquick.</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma"> c. Lines in = syslog.conf mean "log this priority or higher" and the = priorities, from lowest to highest, are: debug - info - notice - = warning - err - crit - alert - emerg</FONT></P> <P><FONT SIZE=3D2 FACE=3D"Tahoma"> *.debug is lower = than *.notice, </FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma"> so it=B4s not = necessary to move kern.notice to /var/adm/messages </FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Tahoma">5. save the file</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma">6.</FONT><B> <FONT SIZE=3D2 = FACE=3D"Tahoma">kill -HUP 'syslod PID'</FONT></B> <FONT SIZE=3D2 = FACE=3D"Tahoma">if running solaris 2.6 or earlier or</FONT><B> <FONT = SIZE=3D2 FACE=3D"Tahoma">pkill -HUP syslogd</FONT></B> <FONT SIZE=3D2 = FACE=3D"Tahoma">if running 2.7 or 2.8 </FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma">7. test it by running :</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma"> logger = -p</FONT><B> <FONT SIZE=3D2 FACE=3D"Tahoma">auth.notice</FONT></B> = <FONT SIZE=3D2 FACE=3D"Tahoma">"Test to see if this went to = messages and console" </FONT> </P> <BR> <P><FONT SIZE=3D2 FACE=3D"Tahoma">Many thanks indeed to : </FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma"> John Hallman = [john.hallman@intel.com]</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma"> Chaos Golubitsky = [chaos@glassonion.org]</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma"> Hamid Ouyachi = [btihto@uis.doleta.gov]</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma"> Mark Lewis = [Mark.Lewis@Kinetech.net]</FONT> <BR><FONT SIZE=3D2 FACE=3D"Tahoma"> Hindley Nick = [nick.hindley@lbhf.gov.uk]<BR> </FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Tahoma">Best Regards,</FONT> <BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Tahoma">.</FONT><FONT = COLOR=3D"#000000" SIZE=3D2 FACE=3D"Verdana">slamet</FONT> <BR><FONT COLOR=3D"#000000" SIZE=3D1 FACE=3D"Tahoma">siemens</FONT> = <FONT COLOR=3D"#FF0000" SIZE=3D1 FACE=3D"Tahoma">m</FONT><FONT = COLOR=3D"#000000" SIZE=3D1 FACE=3D"Tahoma">obile, casablanca</FONT> <BR><FONT COLOR=3D"#808080" SIZE=3D1 = FACE=3D"Tahoma">slamet.fadilah@gsm-siemens.co.ma</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C0EA7C.4171E460--Received on Fri Jun 1 10:21:35 2001
This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:24:56 EDT