Configuring the probe
After installing the probe, you need to make various configuration settings to suit your environment.
To send all messages to either a log file or a named pipe (a FIFO), you must modify the /etc/syslog.conf file.
By default, the probe will attempt to read a message from a log file called /var/log/ncolog. To set syslog to write to this file, add the following line to the /etc/syslog.conf file:
*.debug /var/adm/ncolog
To forward syslog messages to a remote syslog logger, you must prepend the server name with an at symbol (@); for example:
*.debug @logserver
The @ symbol denotes that messages must be forwarded to a remote host, the name of which must be defined in the /etc/hosts file. The Syslogd Probe listens on port 514 for syslog messages that are forwarded from other machines. The machine must be configured as above to send events to the probe.
/etc/syslog.conf file. If it is, it will activate a bug in syslog, where it attempts a check on the first file in the first entry in the /etc/syslog.conf file, and this will make the syslogd system unstable. Also note that some implementations of syslogd are limited to 20 valid entries in the /etc/syslog.conf file.
The line specified will write all syslogd messages to the file. It is also possible to configure syslogd to only write particular messages to the file. Refer to the UNIX online manual pages for syslogd.conf for more details.
If you wish to configure the probe to read from a named pipe instead of a log file, you must create this named pipe before starting the probe. To do this, issue a mknod command at the UNIX prompt. For example, if you wish the named pipe used by syslogd and the Syslogd Probe to be /var/adm/nco, you must run the following command:
mknod /var/adm/nco p
Refer to the UNIX online manual pages for mknod for further details.
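The named pipe setup and the 20-entry limit described above can be checked before the probe is started. The following is an added example, not part of the probe documentation: the function names are hypothetical, and the owner-only permissions and the mkfifo fallback are assumptions that go beyond the bare mknod command shown above.

```shell
#!/bin/sh
# Added example, not part of the probe documentation.

# ensure_fifo PATH: create PATH as a named pipe unless it already is one.
ensure_fifo() {
    fifo=$1
    if [ -p "$fifo" ]; then
        return 0                    # already a FIFO: nothing to do
    fi
    if [ -e "$fifo" ]; then
        # A regular file here would silently turn the pipe setup into a log file.
        echo "error: $fifo exists but is not a named pipe" >&2
        return 1
    fi
    # Assumption: owner-only access (mode 0600) so other local users cannot
    # read from or write into the pipe. mkfifo is the fallback where an
    # unprivileged mknod is refused.
    ( umask 077 && mknod "$fifo" p 2>/dev/null || mkfifo "$fifo" )
}

# count_entries CONF: number of lines that are neither blank nor comments.
count_entries() {
    grep -c -v -E '^[[:space:]]*(#|$)' "$1" || true
}

# check_conf CONF TARGET: return 0 if CONF has an entry whose action field is
# TARGET, 1 if it has none, 2 if CONF exceeds the 20-entry limit noted above.
check_conf() {
    conf=$1
    target=$2
    n=$(count_entries "$conf")
    if [ "$n" -gt 20 ]; then
        echo "warning: $conf has $n entries (some syslogd builds stop at 20)" >&2
        return 2
    fi
    if ! awk -v t="$target" '!/^[[:space:]]*#/ && $2 == t { found = 1 }
                             END { exit !found }' "$conf"; then
        echo "error: no entry in $conf writes to $target" >&2
        return 1
    fi
    return 0
}
```

Run ensure_fifo /var/adm/nco before starting the probe, then check_conf /etc/syslog.conf /var/adm/nco to confirm that syslogd is configured to write to the same path.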