General Information on Log Facilities

Log Facilities provide a means of creating and maintaining system logs.

Further Information

Managing Log and Archive Files

Type

The Log Facility determines the type and source of information that will be logged. Open the pull-down menu to select the type. Type can be either Filename, Hostname, or User ID.

Facility

The log facility determines the type and source of information that gets logged. The log facilities you can select are as follows: The "syslog" log facility is especially useful in case the other logs fill up their file systems - be sure to set the output "Log Filename" to /dev/console, or to a separate file system.

Priority

Open the pull-down to select the priority. The logging priorities are listed in order of increasing severity. The priority you select will be the minimum level that gets logged.

Log Filename (Log Facilities)

The log filename must have an absolute path (beginning with a '/'), and the path to the filename must exist. (e.g., /tmp/test.log)

Log Hostname

If this Log Facility is of the type, "Hostname", you should enter the hostname in the "@hostname" format. This will redirect log output to that machine providing that the appropriate log facilities on the target system have been enabled as well. Also you may need to add a connection with the appropriate service(s) to permit the redirected logging protocol.

Log User ID

If this Log Facility is of the type, "UserID", you should enter a UserID or UserIDs on the local system. The syslog daemon will write log records to their terminals. Note that multiple UserIDs must be listed in comma-delimited format.

Archive Management

For use only with a filename type log facility. When enabled, the log file will be processed according to the settings described below.

Note: Archive management also requires use of the fwlogmgmt command to be submitted on a periodic basis. It is recommended that you set up a crontab entry for this command with an interval closely resembling that of the "Days Until Purge" setting.

The usage for the fwlogmgmt command is:
SYNTAX:
      fwlogmgmt       { -a | -l }
 
FLAGS
     -a Use this option to manage and maintain archived log  files  as
     directed in the /etc/security/logmgmt.cfg file.
 
     -l Use this option to compress and archive log files as  directed
     in the /etc/security/logmgmt.cfg file.

Crontab Example: A quick method for setting up a crontab is detailed below. To learn more about the AIX crontab function, issue "man crontab" from the AIX command line.

To set up a crontab that will compress and archive all log files (that have been configured to be archived) every Sunday at 2am, follow these steps:

  1. Start an editor session on the crontab file by issuing the following command:
    crontab -e
    
    (This should bring up an editor session using the editor defined by your $EDITOR variable. If you wish to use another editor, you can either change the value of the $EDITOR variable or issue "crontab -l > tempcron". You can then edit the tempcron file and issue "crontab tempcron" to activate your changes to the file.)

  2. Note that each crontab file entry contains six fields separated by spaces or tabs in the following form:
    
    minute  hour  day_of_month  month  weekday  command
    

    These fields accept the following values:

    • minute: 0 through 59
    • hour: 0 through 23
    • day_of_month: 1 through 31
    • month: 1 through 12
    • weekday: 0 through 6 for Sunday through Saturday

    So, in order to run the fwlogmgmt command every Sunday at 2am, add the following line to the bottom of the crontab file:

    0 2 * * 0 /usr/bin/fwlogmgmt -l
    

    Your crontab file should now look something like this:

    -------------------------------------------------------------------
    # (C) COPYRIGHT International Business Machines Corp. 1989,1994
    # All Rights Reserved
    # Licensed Materials - Property of IBM
    #
    # US Government Users Restricted Rights - Use, duplication or
    # disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
    #
    #0 3 * * * /usr/sbin/skulker
    #45 2 * * 0 /usr/lib/spell/compress
    #45 23 * * * ulimit 5000; /usr/lib/smdemon.cleanu > /dev/null
    0 11 * * * /usr/bin/errclear -d S,O 30
    0 12 * * * /usr/bin/errclear -d H 90
    0 2 * * 0 /usr/bin/fwlogmgmt -l
    -------------------------------------------------------------------
    
  3. Save the file to activate the changes.
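
The same change can be scripted against the temporary copy ("tempcron") instead of an editor session. The following is an added example, not part of the original help text or the product: the function names are hypothetical, and the checker accepts only "*" or a single number within the ranges listed in step 2.

```shell
#!/bin/sh
# Added example: audit and update a saved crontab copy such as "tempcron".

# in_range VALUE MIN MAX: true if VALUE is "*" or an integer in MIN..MAX.
in_range() {
    [ "$1" = "*" ] && return 0
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# valid_schedule "MIN HOUR DOM MON WDAY": check the five time fields against
# the ranges listed in step 2 (lists and ranges like 1,15 or 1-5 are rejected).
valid_schedule() {
    set -f; set -- $1; set +f          # split on whitespace without globbing "*"
    [ $# -eq 5 ] || return 1
    in_range "$1" 0 59 && in_range "$2" 0 23 && in_range "$3" 1 31 &&
        in_range "$4" 1 12 && in_range "$5" 0 6
}

# has_active_entry FILE COMMAND: true if FILE holds an uncommented entry that
# runs exactly COMMAND on a valid schedule.
has_active_entry() {
    file=$1 cmd=$2
    while IFS= read -r line || [ -n "$line" ]; do
        set -f; set -- $line; set +f
        [ $# -ge 6 ] || continue
        case "$1" in '#'*) continue ;; esac
        sched="$1 $2 $3 $4 $5"; shift 5
        [ "$*" = "$cmd" ] || continue
        valid_schedule "$sched" && return 0
    done < "$file"
    return 1
}

# ensure_entry FILE SCHEDULE COMMAND: append the entry unless an active one
# already exists; returns 2 for a schedule outside the listed ranges.
ensure_entry() {
    valid_schedule "$2" || { echo "invalid schedule: $2" >&2; return 2; }
    has_active_entry "$1" "$3" && return 0
    printf '%s %s\n' "$2" "$3" >> "$1"
}

# Usage with the steps above:
#   crontab -l > tempcron
#   ensure_entry tempcron "0 2 * * 0" "/usr/bin/fwlogmgmt -l" && crontab tempcron
```

Running has_active_entry on the output of "crontab -l" is also a quick audit that the archive job has not been commented out or removed.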

Days Until Archive

Select days until archive. The number of days until archive must be zero or greater.

Archive Filename

The name of the file where the archived data will be written. An absolute path name must be specified. (e.g., /tmp/local4.log.a)

Days Until Purge

Select the number of days until the purge. The number of days to keep the log files must be a minimum of zero days. Log management does not include the current day when calculating the number of days to keep.

Workspace

Log management requires temporary work space to run an effective log management process. The work space made available to log management should be equal to that of the largest log file being managed. Identify a directory that could be used for temporary file processing. (e.g., /tmp)

OK

Press the "OK" button to save changes and close the window.

Cancel

Press the "Cancel" button to close the window without saving any changes.