How can we get specific messages from the Solaris syslog into the Event console?

Document ID : KB000052240
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

On UNIX or Linux platforms, by default Event Management reads from a named pipe attached to syslogd. Following the instructions given in this technical doc, syslog messages that are sent to the Event Management console can be narrowed down according to type or priority.

Solution:

To filter messages from /var/adm/messages to the Event Console

  1. First you must identify which messages from the syslog you want to send to the Event Console.

  2. After this is decided, you must modify the syslog.conf file to tell the syslog daemon to send these messages to a file.

    Example: *.err;kern.debug;auth.notice /dev/console

    The above line causes all error messages, all kernel debug messages, and all notice messages generated by the authorization system to be printed on /tmp/syslog.custom.

    Note: kern.debug means all messages of priority debug and above.

  3. Now that these messages have been appended to the custom file, tell Event Manager to read from this file.

    In Release 11, the Event component can be configured to read from a syslog formatted file by doing the following:

    • The configuration file is $CASHCOMP/opr/scripts/envset.

    • This file contains the environment variables CA_OPR_READ_SYSLOG_FILE and CA_OPR_SYSLOG_FILE.

    • The following environment variables have the following default values:

      CA_OPR_READ_SYSLOG_FILE=NO
      CA_OPR_SYSLOG_FILE=DEFAULT

    • To read from the above user-specified file, modify these to:

      CA_OPR_READ_SYSLOG_FILE=YES
      CA_OPR_SYSLOG_FILE=/tmp/syslog.custom

  4. Restart OPR.

With this modification you can ensure that only the syslog messages you select are visible in the console.