
How to Configure Solaris Syslog

Updated: December 17, 2009

Applies To: Operations Manager 2007 R2

On Solaris computers, the required audit activity is not logged by default. Logging is controlled by the configuration file /etc/syslog.conf.

To enable event logging on Solaris computers

  1. Add the following lines to the existing configuration file at /etc/syslog.conf:

    # Log basic authentication (su, etc) to /var/log/authlog for ACS
    auth.info;local2.info                           /var/log/authlog

    Note
    Use the TAB key to separate log components from log file names. Spaces do not work.

    The following code example shows a syslog.conf file for a Solaris computer. The added portion is the comment and rule that log to /var/log/authlog.

    #ident  "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */
    #
    # Copyright (c) 1991-1998 by Sun Microsystems, Inc.
    # All rights reserved.
    #
    # syslog configuration file.
    #
    # This file is processed by m4 so be careful to quote (`') names
    # that match m4 reserved words.  Also, within ifdef's, arguments
    # containing commas must be quoted.
    #
    *.err;kern.notice;auth.notice                   /dev/sysmsg
    *.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages
    # Log basic authentication (su, etc) to /var/log/authlog for ACS
    auth.info;local2.info                           /var/log/authlog
    
    *.alert;kern.err;daemon.err                     operator
    *.alert                                         root
    *.emerg                                         *
    
    # if a non-loghost machine chooses to have authentication messages
    # sent to the loghost machine, un-comment out the following line:
    #auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)
    mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)
    
    #
    # non-loghost machines will use the following lines to cause "user"
    # log messages to be logged locally.
    #
    ifdef(`LOGHOST', ,
    user.err                                        /dev/sysmsg
    user.err                                        /var/adm/messages
    user.alert                                      `root, operator'
    user.emerg                                      *)
    
  2. Restart the Syslog daemon.

    On Solaris 5.8 and 5.9, at the command prompt, enter /etc/init.d/syslog stop, followed by /etc/init.d/syslog start.

    On Solaris 5.10, at the command prompt, enter svcadm refresh svc:/system/system-log.
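
The note in step 1 is the usual failure point: a rule whose log components and file name are separated by spaces does not work. As an added example (not part of the original article), the following shell function checks a syslog.conf file for the ACS rule and reports whether its separator is TAB-only. The function name, return codes, the AWK variable, and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a syslog.conf-style file for the ACS rule from step 1.
# Return codes (chosen for this example):
#   0  rule found, selector and file name separated by TABs only
#   1  rule found, but the separator contains spaces (rule will not work)
#   2  rule not found (missing or commented out)
# Needs a POSIX awk; on Solaris set AWK=nawk or AWK=/usr/xpg4/bin/awk.

check_acs_rule() {
    "${AWK:-awk}" -v sel='auth.info;local2.info' -v dst='/var/log/authlog' '
        BEGIN { rc = 2 }
        /^[ \t]*#/ { next }                      # ignore comment lines
        index($0, sel) == 1 {                    # line starts with the selector
            rest = substr($0, length(sel) + 1)
            sub(/[ \t]+$/, "", rest)             # drop trailing whitespace
            n = length(rest) - length(dst)
            if (n < 1 || substr(rest, n + 1) != dst) next
            sep = substr(rest, 1, n)             # text between selector and file
            if (sep ~ /^\t+$/) { rc = 0; exit }  # TAB-only: accepted
            if (sep ~ /^[ \t]+$/) rc = 1         # contains a space: rejected
        }
        END { exit rc }
    ' "$1"
}

# Demo on constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
printf 'auth.info;local2.info\t\t\t/var/log/authlog\n' > "$demo_dir/tabs.conf"
printf 'auth.info;local2.info        /var/log/authlog\n' > "$demo_dir/spaces.conf"
printf '#auth.info;local2.info\t/var/log/authlog\n' > "$demo_dir/commented.conf"
for f in tabs spaces commented; do
    rc=0
    check_acs_rule "$demo_dir/$f.conf" || rc=$?
    echo "$f.conf: check_acs_rule returned $rc"
done
rm -rf "$demo_dir"
```

Run `check_acs_rule /etc/syslog.conf` after editing the file and before restarting the Syslog daemon; a return code of 1 means the separator must be retyped with the TAB key.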

You will now have to enable the appropriate Cross Platform ACS Solaris management pack rules as described in How to Enable ACS Rules.
