IBM Support

AIX: Using rsyslog to send cron log (or any other log) to a remote system

How To


Summary

This document is intended for anyone who wants to send the cron log file of their AIX system to a remote system by using the syslog protocol. The same method could be used to send any log desired.

Steps

On AIX, cron does not use syslog to write its log output; it writes to a local file only.

By default, cron logs its output to /var/adm/cron/log, although the log file name and location can be modified in /etc/cronlog.conf.

However, f you switch your system to use the rsyslog logging daemon, it allows you to configure it to take the contents of your cron log file and send it to a remote system.

WARNING - before you begin, it would be wise to back up your cron log file to a safe location, and then truncate it to zero bytes. Otherwise, on startup, rsyslog dumps out the entire contents of the cron log file to your specified location. Years worth of data could be sent if you don't regularly manage the size of the log.

To start, rsyslog can be downloaded from the AIX Web Download Pack:


To configure your system to use rsyslog in place of syslog, run:

/usr/sbin/syslog_ssw -r

The syslog_ssw command modifies the syslogd subsystem ODM entry to reference rsyslogd instead of syslogd, and automatically restarts the syslogd subsystem to get rsyslogd running.

Now /etc/rsyslog.conf is the configuration file that is used to set your rsyslog configuration. The following command can be used to convert your existing syslog.conf entries and put them in rsyslog.conf:

/usr/sbin/syslog_ssw -c


To configure it to monitor your cron log file, add the following stanza. Assuming that cron is logging to the default /var/adm/cron/log location, and that you would like this log file to be written with the 'local7' facility and the severity of 'info':


module(load="imfile" mode="inotify" PollingInterval="60")
input(type="imfile"
File="/var/adm/cron/log"
Tag=""
Severity="info"
Facility="local7")

Option PollingInterval indicates the interval, in seconds, you want rsyslog to check for new entries to the file. 

You can then add an entry to send this cron log output to a remote hostname or IP address:

local7.info @<hostname or IP addr>


Next, run:

stopsrc -s syslogd
startsrc -s syslogd 


You will now see that cron log entries on this system are sent to the remote system you have configured, assuming that the remote system's syslog daemon is configured to log 'local7.info' entries.

Although this tech note is written with regard to cron's log file, you can use the same method for sending any other log file output to a remote system. Wildcards are allowed in the 'File' entry, so you can use them to specify multiple files in one stanza.

For further information and configuration possibilities, consult rsyslog documentation at: https://www.rsyslog.com/doc/v8-stable/
 

Document Location

Worldwide


[{"Type":"none","Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"ARM Category":[{"code":"a8m0z000000cvxuAAA","label":"Communication Applications-\u003ESYSLOG\/RSYSLOG"}],"ARM Case Number":"TS005004993","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

More support for:
AIX

Component:
Communication Applications->SYSLOG/RSYSLOG

Software version:
All Version(s)

Document number:
6441471

Modified date:
29 August 2024

UID

ibm16441471

Manage My Notification Subscriptions