Virtual logs

The Virtual I/O Server > (VIOS ) administrator creates and manages the log files, and they are presented to the AIX® operating system as virtual log devices in the /dev directory, similar to the virtual disks or virtual optical media.

Storing log files as virtual logs increases the level of trust in the records because they cannot be changed by a user with root privileges on the client LPAR where they were generated. Multiple virtual log devices can be attached to the same client LPAR and each log is a different file in the /dev directory.

Trusted Logging lets log data from multiple client LPARs be consolidated into a single file system, which is accessible from the VIOS . Therefore, the VIOS provides a single location on the system for log analysis and archival. The client LPAR administrator can configure applications and the AIX operating system to write data to the virtual log devices, which is similar to writing data to the local files. The AIX Audit subsystem can be configured to direct the audit records to virtual logs, and other AIX services, such as syslog, work with their existing configuration to direct data to virtual logs.

The names of the two components can be set by the VIOS administrator to any value, but the client name is typically the same for all virtual logs that are attached to a given LPAR (for example, the host name of the LPAR ). The log name is used to identify the purpose of the log (for example, audit or syslog).

On an AIX LPAR , each virtual log device is present as two functionally equivalent files in the /dev file system. The first file is named after the device, for example, /dev/vlog0, and the second file is named by concatenating a vl prefix with the log name and the device number. For example, if the virtual log device vlog0 has audit as the log name, it is present in the /dev file system as both vlog0 and vlaudit0.