The syslogd daemon reads a datagram socket and sends each message line to a destination described by the /etc/syslog.conf configuration file. The syslogd daemon reads the configuration file when it is activated and when it receives a hangup signal. The syslogd daemon provides the syslog function for AIX.
The syslogd daemon is started during system IPL by srcmstr. The stanza in ODM is shown as follows in Figure 82.
Figure 82: Syslogd Stanza in ODM
The configuration file informs the syslogd daemon where to send a system message depending on the message's priority level and the facility that generated it.
If you do not use the -f flag to specify an alternate configuration file, the default configuration file, /etc/syslog.conf, is used.
The syslogd daemon ignores blank lines and lines beginning with a # (pound sign).
Lines in the configuration file for the syslogd daemon contain a selector field and an action field separated by one or more tabs.
The selector field names a facility and a priority level. Separate facility names with a , (comma). Separate the facility and priority-level portions of the selector field with a . (period). Separate multiple entries in the same selector field with a ; (semicolon). To select all facilities, use an * (asterisk).
The action field identifies a destination (file, host, or user) to receive the messages. If routed to a remote host, the remote system will handle the message as indicated in its own configuration file. To display messages on a user's terminal, the destination field must contain the name of a valid, logged-in system user.
The last part of the default /etc/syslog.conf is shown in Figure 83.
Figure 83: Sample syslog Configuration File
If you decide to capture the warning messages from all users in the /var/spool/syslog file, add the following line to /etc/syslog.conf, then create the file, set its permissions, and refresh the daemon:
*.warning /var/spool/syslog
touch /var/spool/syslog
chmod 666 /var/spool/syslog
refresh -s syslogd
The syslogd daemon reads the configuration file when it is activated and when it receives a hangup signal. You can recycle the syslogd daemon by stopping and then starting it.
Alternatively, you can refresh the syslogd daemon by sending a HUP signal.
Note the PID of the syslogd process, for example, 5682.
The syslogd daemon logs messages received from remote hosts unless you use the -r flag to suppress it.
In the /etc/syslog.conf file of the remote hosts, instead of specifying the full path name of a log file as the destination, specify @Host, where Host is the hostname of the remote system.
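The selector and action format described above, together with the @Host destination, can be checked mechanically before refreshing the daemon. The following is an added example, not part of the original documentation or of AIX: a small parser that expands each selector into facility and priority pairs, classifies the destination, and reports lines that lack the tab separator. The sample configuration, the host name loghost, and the leading-character test used to tell file, host and user destinations apart are assumptions of this example.

```python
import re

# Constructed sample configuration (not the AIX default file).
SAMPLE = (
    "# constructed sample\n"
    "\n"
    "*.warning\t/var/spool/syslog\n"
    "mail,daemon.err;auth.notice\t\t@loghost\n"
    "kern.emerg\troot\n"
    "auth.info /var/log/auth\n"  # space instead of tab: no action field found
)

def parse_selector(field):
    """Expand 'fac1,fac2.pri;fac3.pri' into (facility, priority) pairs."""
    pairs = []
    for entry in field.split(";"):
        facilities, sep, priority = entry.partition(".")
        if not sep or not facilities or not priority:
            raise ValueError("bad selector entry: %r" % entry)
        pairs.extend((fac, priority) for fac in facilities.split(","))
    return pairs

def classify_action(action):
    """Destination kind; the leading-character test is this example's assumption."""
    if action.startswith("/"):
        return "file"
    if action.startswith("@"):
        return "host"
    return "user"

def parse_conf(text):
    """Return (rules, errors); errors are (line number, message) tuples."""
    rules, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and comments are ignored
        parts = re.split(r"\t+", line.strip(), maxsplit=1)
        if len(parts) != 2:
            errors.append((lineno, "no tab between selector and action"))
            continue
        try:
            selectors = parse_selector(parts[0])
        except ValueError as exc:
            errors.append((lineno, str(exc)))
            continue
        rules.append({"line": lineno, "selectors": selectors,
                      "kind": classify_action(parts[1]), "dest": parts[1]})
    return rules, errors

if __name__ == "__main__":
    for item in parse_conf(SAMPLE):
        print(item)
```

Rules whose kind is "file" identify the log files to create before refreshing the daemon, and rules whose kind is "host" show which messages leave the system.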