To Configure syslogd |
 |
The Internet daemons and servers log informational and error
messages through syslog. You can monitor these messages by running syslogd. You can determine the type and extent of monitoring
through syslogd's configuration file, /etc/syslog.conf.
Each line in /etc/syslog.conf has a "selector" and an "action".
The selector tells which part of the system generated the message
and what priority the message has. The action specifies where the
message should be sent.
The part of the selector that tells where a message comes
from is called the "facility". All Internet daemons
and servers, except sendmail, log messages to the daemon facility. sendmail logs messages to the mail facility. syslogd logs messages to the syslog facility. You may indicate all facilities in the
configuration file with an asterisk (*).
The part of the selector that tells what priority a message
has is called the "level". Selector levels are debug, information, notice, warning, error, alert, emergency, and critical. A message must be at or above the level you specify
in order to be logged.
The "action" allows you to specify where
messages should be directed. You can have the messages directed
to files, users, the console, or to a syslogd running on another host.
The following is the default configuration for /etc/syslog.conf:
mail.debug /var/adm/syslog/mail.log
*.info,mail.none /var/adm/syslog/syslog.log
*.alert *.alert /det/console root
*.emerg * |
With this configuration, all mail log messages at the debug level or higher are sent to /var/adm/syslog/mail.log. Log messages from any facility at the information level or higher (but no mail messages) are sent
to /var/adm/syslog/syslog.log. Log messages from any facility at the alert level or higher are sent to the console and any
terminal where the superuser is logged in. All messages at the emergency level or higher are sent to all users on the system.
For more information about syslogd and its configuration file, type man 3C syslog or man 1M syslogd at the HP-UX prompt.
To Maintain System
Log Files |
|
The log files specified in your syslogd configuration can fill up your disk if you do
not monitor their size. To control the size of these files, do the following:
Remove or rename your log files as in the following example:
cd /var/adm/syslog
mv mail.log mail.log.old
mv syslog.log sylog.log.old |
Restart syslogd with the following commands:
cd /sbin/init.d
syslogd stop
syslogd start |
When you reboot your system, each log file is moved to filename.old automatically, and new log files are started.
To Configure inetd
Connection Logging |
|
The inetd daemon can log connection requests through syslogd. It logs successful connections at the information level and unsuccessful connection attempts at
the notice level. By default, inetd starts up with connection logging turned off.
If inetd is running with connection logging turned off,
issue the following command to start it:
If inetd is running with connection logging turned on,
the same command turns it off. For more information, type man 1M inetd.
To Configure ftpd Session
Logging |
|
To configure ftpd to log messages about an ftp session, including commands,
logins, login failures, and anonymous ftp activity, follow these steps:
Add the -L option to the ftp line in the /etc/inetd.conf file, as in the following example:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -L |
Issue the following command to force inetd to read its configuration file:
For more information, type man 1M ftpd at the HP-UX prompt. Included in this man page
is a complete list of error messages.
For more information on logging ftp file transfer information,
see “Configuring Logging for ftp”.
