IBM Support

Use rsyslog to monitor a log file and generate syslog items

How To


Summary

This document describes a setup where an application log is monitored and updated content is processed further as if it had been sent to syslog immediately.

Objective

Processes often log information into files, but do not send the information to syslog. Sometimes, it may be necessary to send this information to syslog. For example, the information may need to be forwarded to a central syslog server. This task can be accomplished using rsyslog, which provides a file monitor, along with the standard syslog features.

Environment

AIX, rsyslog

Steps

If rsyslog has not been installed and activated, this will be the first step:

1. Install rsyslog.base, which is distributed with the AIX Expansion pack and can also be obtained from the Web Download Pack. (No URL is given here intentionally, because it may change.)

2. All configuration items in /etc/syslog.conf need to be configured in /etc/rsyslog.conf as well. The conversion can be done automatically with "syslog_ssw -c".

3. Switch to rsyslog using the command "syslog_ssw -r".

To implement the file monitor for a particular file, add lines like those in the following example to /etc/rsyslog.conf:

$ModLoad imfile
$InputFileName /var/tmp/processlog
$InputFileTag processlog:
$InputFileStateFile /tmp/processlog_state
$InputFileSeverity info
$InputFileFacility local3
$InputRunFileMonitor

The statement "$ModLoad imfile" is required only once, but there may be multiple sections for "$InputFileName ... $InputRunFileMonitor".

The "$InputFileTag" can be used to identify the source of the syslog item. "$InputFileSeverity" and "$InputFileFacility" define through which output channels the item is processed further.

The "$InputFileStateFile" is used by rsyslogd for its own purposes and does not need to be present initially.

The syntax described in this section is considered "legacy syntax" by the code owners, and may be deprecated at some time. It is proven to work with the version distributed with the most recent version of the AIX Expansion pack.

After changes have been made to /etc/rsyslog.conf, it is necessary to restart the daemon.

# stopsrc -s rsyslogd
# startsrc -s rsyslogd
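
A check that can be run on /etc/rsyslog.conf before the restart, as an added example that is not part of the IBM document: it flags a section never closed by "$InputRunFileMonitor", a section without a tag or state file, and a state file shared by two sections (rsyslog expects one state file per monitored file). The second section in the sample (/var/tmp/otherlog) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IBM's code. Lints legacy imfile sections in an rsyslog.conf.
# check_imfile FILE: prints findings; returns 0 if clean, 1 if a problem was found.
check_imfile() {
    awk '
    function problem(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    /^[ \t]*#/ { next }                       # ignore comment lines
    { d = tolower($1) }                       # directive, compared case-insensitively
    d == "$modload" && $2 == "imfile" { loaded = 1; next }
    d == "$inputfilename" {
        if (!loaded) problem("$InputFileName before $ModLoad imfile")
        if (insec)   problem("previous section not closed by $InputRunFileMonitor")
        insec = 1; tag = 0; state = 0; next
    }
    d == "$inputfiletag" { tag = 1; next }
    d == "$inputfilestatefile" {
        state = 1
        if ($2 in seen) problem("state file " $2 " already used on line " seen[$2])
        else seen[$2] = NR
        next
    }
    d == "$inputrunfilemonitor" {
        if (!insec)      problem("$InputRunFileMonitor without $InputFileName")
        else if (!tag)   problem("section has no $InputFileTag")
        else if (!state) problem("section has no $InputFileStateFile")
        insec = 0; next
    }
    END {
        if (insec) { print "end of file: last section not closed by $InputRunFileMonitor"; bad = 1 }
        exit bad + 0
    }' "${1:--}"
}

# Constructed sample: the section from this page plus a hypothetical second one
# (/var/tmp/otherlog) that reuses the state file and is never started.
sample_conf() {
cat <<'EOF'
$ModLoad imfile
$InputFileName /var/tmp/processlog
$InputFileTag processlog:
$InputFileStateFile /tmp/processlog_state
$InputRunFileMonitor
$InputFileName /var/tmp/otherlog
$InputFileTag otherlog:
$InputFileStateFile /tmp/processlog_state
EOF
}

sample_conf | check_imfile - || echo "fix the findings above before restarting rsyslogd"
```

To check the live configuration, call the function as "check_imfile /etc/rsyslog.conf".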


Document Information

More support for:
AIX

Software version:
All Versions

Operating system(s):
AIX

Document number:
730777

Modified date:
12 November 2019

UID

ibm10730777
