IBM Support

IBM AIX: How to Store Error Log (errpt) messages in Local and Remote syslog Files

How To


Summary

AIX uses "errpt" as its default Hardware and Software error-logging facility, which records failures locally for failure detection and correction.

In this document, we discuss how to use AIX Error Notification facility to store errpt error messages in syslog files.

Objective

While syslog is commonly used as powerful system logging facility, it has a fatal weakness in that it gets started too late in the system boot sequence: when the network get started. That means that it could miss significant events such as sysplanar errors and hardware failures.
Although errpt is just a local error reporting facility, it starts too early at phase 3 of system initialization process. Way before syslog daemon.
See the following snippet from /etc/inittab file, which explains when each logging facility gets started:
nit:2:initdefault:
brc::sysinit:/sbin/rc.boot 3 >/dev/console 2>&1 # Phase 3 of system boot    <---- "errpt" starts here
powerfail::powerfail:/etc/rc.powerfail 2>&1 | /usr/bin/alog -tboot > /dev/console # Power Failure Detection
tunables:23456789:wait:/usr/sbin/tunrestore -R > /dev/console 2>&1 # Set tunables
securityboot:2:bootwait:/etc/rc.security.boot > /dev/console 2>&1
rc:23456789:wait:/etc/rc 2>&1 | /usr/bin/alog -tboot > /dev/console # Multi-User checks
rcemgr:23456789:once:/usr/sbin/emgr -B > /dev/null 2>&1
srcmstr:23456789:respawn:/usr/sbin/srcmstr # System Resource Controller
rctcpip:23456789:wait:/etc/rc.tcpip > /dev/console 2>&1 # Start TCP/IP daemons <---- "syslog" starts here
aso:23456789:once:/usr/bin/startsrc -s aso
rcnfs:23456789:wait:/etc/rc.nfs > /dev/console 2>&1 # Start NFS Daemons
Since both logging facilities have advantages over one another, it is useful for system administrator to incorporate both to store logs at one place, and hence this document.

Steps

Use Error Notification ODM object class (at /etc/objrepos/errnotify) along with logger command to implement that, as follows:
1. Since Error Notification class name is errnotify, create a temporary file /tmp/errnotify.add with the following content, which represents the errnotify ODM object we need:
errnotify:
        en_name = "syslog1"
        en_persistenceflg = 1
        en_method = logger "Msg from Error Log: `errpt -l $1 | grep -v 'IDENTIFIER TIMESTAMP'`"
2. Import the errnotify object to the ODM:
# odmadd /tmp/errnotify.add
3. Verify errnotify object named syslog1 is added to the ODM:
# odmget -q "en_name='syslog1'" errnotify

errnotify:
        en_pid = 0
        en_name = "syslog1"
        en_persistenceflg = 1
        en_label = ""
        en_crcid = 0
        en_class = ""
        en_type = ""
        en_alertflg = ""
        en_resource = ""
        en_rtype = ""
        en_rclass = ""
        en_symptom = ""
        en_err64 = ""
        en_dup = ""
        en_method = logger "Msg from Error Log: `errpt -l $1 | grep -v 'IDENTIFIER TIMESTAMP'`"
4.Append the following line to /etc/syslog.conf file:
user.notice /var/log/errpt.log
5. Create the log file and refresh syslogd:
# touch /var/log/errpt.log
# refresh -s syslogd
6.Error log (errpt) events display as follows:
Oct 13 19:42:55 tcp58 user:notice root: Msg from Error Log: E87EF1BE   1008150022 P O dumpcheck      The largest dump device is too small.
7.Now that everything works fine on the localhost, append the following line to /etc/syslog.conf file to allow for remote logging:
user.notice @<hostname/IP address>
8.Refresh syslogd to reread syslog.conf file:
# refresh -s syslogd
Note:
  • syslogd on the remote host, needs to be configured to log events of the facility "user" and severity "notice" in order for log messages to reach its remote destination .
SUPPORT

If you require more assistance, use the following step-by-step instructions to contact IBM to open a case for software with an active and valid support contract.  

1.  Document (or collect screen captures of) all symptoms, errors, and messages related to your issue.

2.  Capture any logs or data relevant to the situation.

3.  Contact IBM to open a case:

   -For electronic support, see the IBM Support Community:
     https://www.ibm.com/mysupport
   -If you require telephone support, see the web page:
      https://www.ibm.com/planetwide/

4.  Provide a clear, concise description of the issue.

5.  If the system is accessible, collect a system snap, and upload all of the details and data for your case.

 - For guidance, see: Working with IBM AIX Support: Collecting snap data

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"ARM Category":[{"code":"a8m0z000000cvxuAAA","label":"Communication Applications-\u003ESYSLOG\/RSYSLOG"}],"ARM Case Number":"TS009630910","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
13 October 2022

UID

ibm16829381

Page Feedback