Solved: Q about LMS/Solaris syslogd

STEFFEN NEUSER · ‎11-08-2011

I see LMS adjusted syslog.conf to receive udp514 => local7.info => /var/log/syslog_info => DB

Does it mean its receiving severity info only or including everything else above (warn, crit, ...) as well?

If not, how can we extend that everithing else above info will receive the LMS syslog till DB and frontends?

thx for hints, Steffen

Martin Ermel · ‎11-09-2011

the entry means that syslogd puts all syslog messages it receives with a FACILITY of "local7" and a SEVERITY from "info" upwards into the file /var/log/syslog_info

don't mess up facility with severity, all (there are only very rare exceptions) Cisco devices sends their syslog messages with a facility of "local7" which then can be used on the receiving site to roughly filter the messages by the type of source the message comes from. See this paper for details:

http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html

and all messages with severity "info" [6] upwards means upto "emergency" [0], so only debugging messages gets dropped.

View solution in original post

Martin Ermel · ‎11-09-2011

the entry means that syslogd puts all syslog messages it receives with a FACILITY of "local7" and a SEVERITY from "info" upwards into the file /var/log/syslog_info

don't mess up facility with severity, all (there are only very rare exceptions) Cisco devices sends their syslog messages with a facility of "local7" which then can be used on the receiving site to roughly filter the messages by the type of source the message comes from. See this paper for details:

http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html

and all messages with severity "info" [6] upwards means upto "emergency" [0], so only debugging messages gets dropped.

STEFFEN NEUSER · ‎11-09-2011

thx