How to Configure Solaris Syslog

Updated: December 17, 2009

Applies To: Operations Manager 2007 R2

On Solaris computers, the audit activity that ACS requires is not logged. Logging is controlled by the configuration file /etc/syslog.conf.

To enable event logging on Solaris computers

  1. Add the following lines to the existing configuration file found at /etc/syslog.conf:

    # Log basic authentication (su, etc) to /var/log/authlog for ACS
    auth.info;local2.info                           /var/log/authlog

    Note: Use the TAB key to separate log components from log file names. Spaces do not work.

    The following code example shows a syslog.conf file for a Solaris computer. The modified portion is the comment line beginning "# Log basic authentication" and the auth.info;local2.info line that follows it.

    #ident  "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */
    #
    # Copyright (c) 1991-1998 by Sun Microsystems, Inc.
    # All rights reserved.
    #
    # syslog configuration file.
    #
    # This file is processed by m4 so be careful to quote (`') names
    # that match m4 reserved words.  Also, within ifdef's, arguments
    # containing commas must be quoted.
    #
    *.err;kern.notice;auth.notice                   /dev/sysmsg
    *.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages
    # Log basic authentication (su, etc) to /var/log/authlog for ACS
    auth.info;local2.info                           /var/log/authlog
    
    *.alert;kern.err;daemon.err                     operator
    *.alert                                         root
    *.emerg                                         *
    
    # if a non-loghost machine chooses to have authentication messages
    # sent to the loghost machine, un-comment out the following line:
    #auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)
    mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)
    
    #
    # non-loghost machines will use the following lines to cause "user"
    # log messages to be logged locally.
    #
    ifdef(`LOGHOST', ,
    user.err                                        /dev/sysmsg
    user.err                                        /var/adm/messages
    user.alert                                      `root, operator'
    user.emerg                                      *)
    
  2. Restart the Syslog daemon.

    On Solaris 5.8 and 5.9, at the command prompt, enter /etc/init.d/syslog stop, followed by /etc/init.d/syslog start.

    On Solaris 5.10, at the command prompt, enter svcadm refresh svc:/system/system-log.

You will now have to enable the appropriate Cross Platform ACS Solaris management pack rules as described in How to Enable ACS Rules.
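
The TAB requirement from the note in step 1 can be checked before the daemon is restarted. The following shell functions are an added example, not part of the original article; the function names and the two sample files are constructed for illustration, and a POSIX sh and awk are assumed (on Solaris, the /usr/xpg4/bin versions).

```shell
# Added example. Function names and sample data are constructed.

# Print "LINE: text" for each rule whose selector is not followed directly
# by TAB(s) and an action. Returns 1 if any such rule is found.
lint_syslog_tabs() {
    awk '
        /^[ \t]*$/ || /^[ \t]*#/ { next }   # blank line or comment
        /^ifdef\(/ { next }                 # m4 wrapper line, not a rule
        !/^[^ \t]+\t+[^ \t]/ { printf "%d: %s\n", NR, $0; bad = 1 }
        END { exit bad }
    ' "$1"
}

# Returns 0 if an uncommented, TAB-separated rule sends auth.info
# to /var/log/authlog (the rule this article adds for ACS).
acs_rule_present() {
    awk -F'\t+' '
        /^[ \t]*#/ { next }
        $1 ~ /(^|;)auth\.info(;|$)/ && $2 == "/var/log/authlog" { found = 1 }
        END { exit !found }
    ' "$1"
}

# Write one TAB-separated rule line.
rule() { printf '%s\t\t%s\n' "$1" "$2"; }

# Constructed sample files: tabs.conf is well formed, spaces.conf has the
# ACS rule typed with spaces.
write_samples() {
    {
        echo '# Log basic authentication (su, etc) to /var/log/authlog for ACS'
        rule 'auth.info;local2.info' /var/log/authlog
        rule 'mail.debug' "ifdef(\`LOGHOST', /var/log/syslog, @loghost)"
        echo "ifdef(\`LOGHOST', ,"
        rule 'user.emerg' '*)'
    } > "$1/tabs.conf"
    {
        echo 'auth.info;local2.info          /var/log/authlog'
        rule '*.alert' root
    } > "$1/spaces.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in tabs.conf spaces.conf; do
    lint_syslog_tabs "$demo_dir/$f" && acs_rule_present "$demo_dir/$f" \
        && echo "$f: OK" || echo "$f: fix before restarting syslogd"
done
rm -rf "$demo_dir"
```

On a live system, point both functions at /etc/syslog.conf before restarting the Syslog daemon.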
