How To
Summary
This technote explains how to use rsyslog to send logs from a specific entry to a designated file while allowing all other entries to behave as normal.
Objective
Environment
Steps
1- Download rsyslog
First, download rsyslog from the MRS:
IBM MRS Download
2- Install rsyslog
Follow the instructions provided in this technote for installing rsyslog:
IBM AIX: How to Download, Install and Use rsyslog In Place of the Native syslog Logging Service
3- Switch to rsyslog
Once installed, switch from the native syslog to rsyslog using:
# syslog_ssw -r
4- Convert Configuration Files
Convert the configuration files from syslog.conf to rsyslog.conf:
# syslog_ssw -c /etc/syslog.conf /etc/rsyslog.conf
5- Restart the syslogd Daemon
Restart the syslogd daemon to apply the changes:
# stopsrc -s syslogd
# startsrc -s syslogd
Verify that rsyslogd is running:
# ps -ef | grep -i rsyslog
# lssrc -s syslogd
6- Run inetd with Debugging Flag
Ensure that inetd runs with the "-d" flag:
# stopsrc -s inetd
# startsrc -s inetd -a "-d"
7- Modify rsyslog.conf
Edit the rsyslog.conf file to capture logs from inetd. inetd is used here only as an example; any other daemon or entry can be used instead.
The rsyslog.conf file should look something like this:
aso.notice /var/log/aso/aso.log
aso.info /var/log/aso/aso_process.log
aso.debug /var/log/aso/aso_debug.loug
The following lines should be added to the beginning of the file and before any other configurations:
if $programname == 'inetd' then /var/log/inetd.log
& stop
The resulting rsyslog.conf:
if $programname == 'inetd' then /var/log/inetd.log
& stop
aso.notice /var/log/aso/aso.log
aso.info /var/log/aso/aso_process.log
aso.debug /var/log/aso/aso_debug.loug
NOTE: This code is explained below in the additional information section.
8- Create the Log File
Create the inetd.log file where the debugging lines will be gathered/routed.
# cd /var/log
# touch inetd.log
9- Restart the syslogd Daemon Again
Restart the syslogd daemon to pick up the changes:
# stopsrc -s syslogd
# startsrc -s syslogd
10- Test the Configuration
Use the logger command to test the setup:
# logger -t "inetd" "testing inetd message"
Refresh the inetd daemon; its log entries should be recorded only in the /var/log/inetd.log file.
Additional Information
Explanation of the code added:
if $programname == 'inetd' then /var/log/inetd.log
& stop
- if $programname == 'inetd'
  - This checks if the source of the log message is the inetd program. The variable $programname holds the name of the application that generated the log entry.
- then /var/log/inetd.log
  - If the condition is met (the log is from inetd), the log message will be directed to /var/log/inetd.log. This creates a dedicated log file for all inetd entries.
- & stop
  - This command tells rsyslog to stop applying any further rules to this log entry after it has been written to /var/log/inetd.log. This prevents duplicate logging and ensures that the inetd logs are isolated from other log entries.
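The ordering requirement from step 7 and the test from step 10 can be checked with a small script. This is an added example, not part of the IBM technote: the function names active_rules, check_filter_first and check_no_leak are hypothetical, and the match assumes the rule is written in the form shown above.

```shell
#!/bin/sh
# Added example (not IBM's code). Function names are hypothetical.

# active_rules CONF: print the config lines that are not blank or comments,
# with runs of whitespace collapsed to a single space.
active_rules() {
    sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' "$1" |
        grep -v -e '^$' -e '^#'
}

# check_filter_first CONF PROG
#   0 = the $programname filter is the first active rule, followed by "& stop"
#   1 = the filter is missing or another rule comes before it
#   2 = the filter is first but "& stop" does not follow (entries duplicate)
check_filter_first() {
    conf=$1 prog=$2
    first=$(active_rules "$conf" | sed -n '1p')
    second=$(active_rules "$conf" | sed -n '2p')
    case $first in
        "if \$programname == '$prog' then "*) ;;
        *) return 1 ;;
    esac
    [ "$second" = "& stop" ] || return 2
    return 0
}

# check_no_leak MARKER DEDICATED OTHER_LOG...
#   0 = MARKER is in DEDICATED and in none of the other logs; 1 otherwise.
check_no_leak() {
    marker=$1 dedicated=$2
    shift 2
    grep -F -q -- "$marker" "$dedicated" || return 1
    for f in "$@"; do
        [ -f "$f" ] || continue
        if grep -F -q -- "$marker" "$f"; then
            echo "leak: $marker also found in $f" >&2
            return 1
        fi
    done
    return 0
}

# On the host, with the paths used in this technote:
#   check_filter_first /etc/rsyslog.conf inetd
#   logger -t inetd "isolation-test-$$"
#   check_no_leak "isolation-test-$$" /var/log/inetd.log /var/log/aso/*.log
```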
Document Location
Worldwide
Document Information
More support for:
AIX
Component:
Communication Applications->SYSLOG/RSYSLOG
Software version:
7.2.0, 7.3.0
Document number:
7228867
Modified date:
26 March 2025
UID
ibm17228867