'logger' is a way to send a message to syslog with whatever facility and priority you want.
You can run syslogd in debug mode to see some of the configuration stuff, but your setup seems rather simple.
logger -p auth.notice your message
You can run 'snoop' on the interface to see if you see syslog packets leaving the server
Is it possible your remote syslog server is not listening for remote syslog information?
snoop udp port 514
Just a small clarification to be sure we are on the right track. You have to put at least one <tab> (no space)
between the facility.level and the action field. So if I take the good suggestion of Darren, you have to put.
Otherwise you will get an "unknown priority name" error (just tested), or it will not work anyway.
@robert.cohen : really nice!!! surely I will use this.
I have the same issue; if I set *.info (all events), the remote logon attempt is received by my syslog server as system3.info
However, I cannot find a match for system3 in the list of allowed facilities.
If I use auth.info I can receive messages when the su command is used remotely and when Root logs on locally.
Can someone suggest the correct field to send remote connection attempts?
Try auth.debug<tab>@loghost-ip or auth.info<tab>@loghost-ip
# cat syslog.conf
Edited by: MangoJ on Jul 1, 2009 12:54 AM
#ident "@(#)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */
#
# syslog configuration file.
#-----
# Solaris 10 - Syslog
#-----
#
*.err;kern.notice;auth.notice /dev/sysmsg
*.info;kern.debug;mail.none;auth.none;cron.none;local0.none;local1.none;local2.none;local3.none;local4.none;local5.none;local6.none;local7.none; /var/adm/messages
*.debug @<ip 1>
*.debug @<ip 2>
local0.info /var/adm/localmessages.log
local1.info /var/adm/localmessages.log
local2.info /var/adm/localmessages.log
local3.info /var/adm/localmessages.log
local4.info /var/adm/localmessages.log
local5.info /var/adm/localmessages.log
local6.info /var/adm/localmessages.log
local7.info /var/adm/localmessages.log
auth.info /var/adm/authlog
# cron.info /var/adm/cron.log
mail.debug /var/adm/mail
*.alert;kern.err;daemon.err operator
*.alert root
*.emerg *
ifdef(`LOGHOST', ,
user.err /dev/sysmsg
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *
)
Edited by: MangoJ on Jul 1, 2009 12:55 AM
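The tab-separator rule and the facility.level names discussed in this thread can be checked before restarting syslogd. The following is an added example, not code from any poster: the lint() function, the sample lines, and the facility list (the standard syslog names, assumed to match the local syslog.conf man page) are all assumptions made for illustration.

```python
# Added example: lint syslog.conf text for the problems raised in this thread.
# Assumption: facility/level names below are the standard syslog set; check
# them against the syslog.conf man page on the host being audited.
FACILITIES = {"user", "kern", "mail", "daemon", "auth", "lpr", "news", "uucp",
              "cron", "audit", "mark", "*"} | {f"local{i}" for i in range(8)}
LEVELS = {"emerg", "alert", "crit", "err", "warning", "notice", "info",
          "debug", "none"}


def lint(text):
    """Return (findings, remotes) for the given syslog.conf text."""
    findings, remotes = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        # Skip blanks, comments and the m4 ifdef wrapper lines.
        if (not line or line.startswith("#")
                or line.startswith("ifdef(") or line == ")"):
            continue
        # Selector and action must be separated by at least one tab.
        if "\t" not in line:
            findings.append((n, "no tab between selector and action"))
            continue
        selector, action = line.split("\t", 1)
        action = action.strip()
        if " " in selector:
            findings.append((n, "space inside selector field"))
        for part in filter(None, selector.split(";")):
            facs, _, level = part.strip().partition(".")
            for fac in facs.split(","):
                if fac not in FACILITIES:
                    findings.append((n, f"unknown facility {fac!r}"))
            if level not in LEVELS:
                findings.append((n, f"unknown level {level!r}"))
        # Record forwarding rules so the remote targets can be reviewed.
        if action.startswith("@"):
            remotes.append((n, selector, action[1:]))
    return findings, remotes


# Constructed sample lines, not the poster's file.
SAMPLE = "\n".join([
    "# constructed sample",
    "auth.info\t@loghost-ip",            # valid: tab, then remote host
    "auth.notice @loghost-ip",           # space instead of tab
    "system3.info\t/var/adm/messages",   # name not in the facility list
    "mail.debgu\t/var/adm/mail",         # misspelled level
])

if __name__ == "__main__":
    for item in sum(lint(SAMPLE), []):
        print(item)
```

Running lint() over the real file and comparing the returned forwarding rules with what 'snoop udp port 514' shows leaving the host separates a configuration problem from a network or receiver problem.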