How to Configure Solaris Syslog
Updated: December 17, 2009
Applies To: Operations Manager 2007 R2
For Solaris computers, required audit activity is not logged. The logging configuration is controlled by the configuration file located at /etc/syslog.conf.
To enable event logging on Solaris computers
Add the code:
# Log basic authentication (su, etc) to /var/log/authlog for ACS auth.info;local2.info /var/log/authlog
to the existing configuration file found at /etc/syslog.conf.
Note Use the TAB key to separate log components from log file names. Spaces do not work.
The following code example shows a Syslog.conf file for a Solaris computer. The modified portions of the file are indicated for clarity.
#ident "@(#)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */ # # Copyright (c) 1991-1998 by Sun Microsystems, Inc. # All rights reserved. # # syslog configuration file. # # This file is processed by m4 so be careful to quote (`') names # that match m4 reserved words. Also, within ifdef's, arguments # containing commas must be quoted. # *.err;kern.notice;auth.notice /dev/sysmsg *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages # Log basic authentication (su, etc) to /var/log/authlog for ACS auth.info;local2.info /var/log/authlog *.alert;kern.err;daemon.err operator *.alert root *.emerg * # if a non-loghost machine chooses to have authentication messages # sent to the loghost machine, un-comment out the following line: #auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost) mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost) # # non-loghost machines will use the following lines to cause "user" # log messages to be logged locally. # ifdef(`LOGHOST', , user.err /dev/sysmsg user.err /var/adm/messages user.alert `root, operator' user.emerg *)
Restart the Syslog daemon.
On Solaris 5.8 and 5.9, at the command prompt, enter /etc/init.d/syslog stop, followed by /etc/init.d/syslog start.
On Solaris 5.10, at the command prompt, enter svcadm refresh svc:/system/system-log.
You will now have to enable the appropriate Cross Platform ACS Solaris management pack rules as described in How to Enable ACS Rules.