Sun Microsystems, Inc.  Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1006247.1
Update Date:2010-11-01
Keywords:
Solution Type  Technical Instruction Sure

Solution  1006247.1 :   Sun StorEdge[TM] T3/T3+ array: Remote System Logging  

Related Items 
    

  • Sun Storage T3 Array
    •  
  • Sun Storage T3+ Array
    •  
Related Categories 
    

  • GCS>Sun Microsystems>Storage - Disk>Modular Disk - Other
    •  

PreviouslyPublishedAs
208761 


Description
The Sun StorEdge[TM] T3/T3+ array has been configured to send its syslog messages to a:
syslog host, but the messages are being recorded in the local /etc/syslog file, and not being sent to the syslog host. 


Steps to Follow
Remote System Logging:

STEP 1:



The first thing to verify, is that the syslog.conf file in the /etc directory

of the Sun StorEdge T3/T3+ array, is correct. 


To configure this file to send messages to a syslog host, add an entry in the form of:


    *.category, 


where category is either: 


  information, notice, warning or error, 


followed by: 


  one or more tab spaces,
the @sign, and
the IP address of the syslog host.  



Note: The host name may be substituted for the IP address, if the name and IP

combination exists in the hosts file of the Sun StorEdge T3/T3+ array.


Shown here, is an example of a Sun StorEdge T3/T3+ array syslog.conf file:



stor-t300-b:/etc:<6>more syslog.conf


  # syslog.conf
# facility.level action


  # messages to local syslog file
*.notice	/syslog
*.info		/syslog
*.err		/syslog


  # messages to syslogd on another host
*.notice	@129.148.196.112


  # messages sent as SNMP traps
# *.warn.|snmp_trap saturn


In the above example, Sun StorEdge T3/T3+ array messages, of category - notice


and above, are being delivered to the local syslog file, as well as the syslog

host, identified by the ip address 129.148.196.112 .


Transfer this file to a suitable system for editing.


After the syslog.conf file has been edited/verified and transferred

back to the Sun StorEdge T3/T3+ array, run the -  set logto *  command, to 

initiate logging as shown following:


   stor-t300-b:/etc:<7>set logto *


Test the Sun StorEdge T3/T3+ array logging, by running the following command:


   stor-t300-b:/etc:<8>logger -p local7.notice message_from_t3



Note: The message should appear in the /syslog file on the Sun StorEdge T3/T3+ array,

but may or may not appear in the syslog host's designated file, since the syslog

host configuration has not yet been verified.


-------------------------------------------------------------------------------



STEP 2:



The system designated as the syslog host, contains its own syslog configuration

file - /etc/syslog.conf . An entry must be added to this file, so the Sun

StorEdge T3/T3+ array can send messages to this host. 


A configuration entry, is composed of two TAB-separated fields: 


   the selector and
the action. 


The selector field contains the <facility.level> information, and the action

field indicates where to forward the message.


In the case of the Sun StorEdge T3/T3+ array, the facility is one of

local0-local7. The level, is either: info, notice, warn or err. The action field

is usually a file located in /var/adm, such as /var/adm/t300.messages.


Shown here is an example of a syslog host's syslog.conf file.


 syslog host /etc/syslog.conf file entry (tab separated):
#ident  "@(#)syslog.conf  1.5  98/12/14 SMI"   /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words.   Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice			/dev/console
*.err;kern.debug;daemon.notice;mail.crit	/var/adm/messages


 *.alert;kern.err;daemon.err			operator
*.alert						root


 *.emerg						*


 # if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice			ifdef(`LOGHOST', /var/log/authlog, @loghost)


 mail.debug			ifdef(`LOGHOST', /var/log/syslog, @loghost)
local7.notice					/var/adm/t300.log


In the above example, the Sun StorEdge T3/T3+ array messages are being received

by this syslog host under the local7 facility. All Sun StorEdge T3/T3+ array

messages, of level notice and above, will be received by this facility. These

syslog messages are being delivered to the /var/adm/t300.log file.


Keep in mind, that the administrator is responsible for creating the file that

will be used to capture the Sun StorEdge T3/T3+ array messages. Run a command

like the following to create this file:


    touch /var/adm/t300.log   


A second thing to remember is, that if changes are made to the syslog.conf file,

the syslogd daemon must be stopped and restarted - use the following command:


   /etc/init.d/syslog stop
/etc/init.d/syslog start


Test the syslog host logging, by issuing the following command:


   #>logger -p local7.notice message_from_syslog_host


This message should appear in the destination file /var/adm/t300.log as

specified in the /etc/syslog.conf file. This test proves that the syslog host is

capable of receiving and logging messages of the <facility.level>, specified in

the /etc/syslog.conf file. It does not guarantee that the remote messages from

the Sun StorEdge T3/T3+ array will be logged.


-------------------------------------------------------------------------------



STEP 3:



On startup, the syslogd daemon reads a second file, which contains default

parameters for the daemon.  The file is /etc/default/syslogd.

This file contains the field LOG_FROM_REMOTE. By default, this is set to YES,

which allows the syslogd daemon to receive remote messages. If this field is set

to NO, the Sun StorEdge T3/T3+ array will still try to deliver the syslog

messages to the syslog host, but will be unsuccessful. The following snoop

session shows a Sun StorEdge T3/T3+ array, trying to deliver messages to a

syslog host, but the syslog host is being reported as unreachable, thus the

messages are not logged:


 #>: snoop stor-t300-b
Using device /dev/eri (promiscuous mode)
thetee -> stor-t300-b  TELNET C port=39288
stor-t300-b -> thetee       TELNET R port=39288 


       thetee -> stor-t300-b  TELNET C port=39288
stor-t300-b -> thetee       TELNET R port=39288 stor-t300-b:/:<3>
thetee -> stor-t300-b  TELNET C port=39288
stor-t300-b -> thetee       SYSLOG R port=514 <189>Aug 02 06:10:14
thetee -> stor-t300-b  ICMP Destination unreachable (UDP port 514  unreachable)
stor-t300-b -> thetee       SYSLOG R port=514 <189>Aug 02 06:10:14
thetee -> stor-t300-b  ICMP Destination unreachable (UDP port 514 unreachable)


Reviewing the /etc/default/syslogd file on the syslog host, we see that this 

syslog host has been prevented from receiving the remote messages.


 #ident	"@(#)syslogd.dfl	1.1	01/11/01 SMI"
#
# Copyright (c) 2001 by Sun Microsystems, Inc.
# All rights reserved.
#
# /etc/default/syslogd
#
# syslogd default settings processed via syslogd(1M).
#
# LOG_FROM_REMOTE affects the logging of remote messages, see syslogd(1M)
# for details.  The default value is "YES".  A value of "NO" (any case)
# results in disabling of remote logging; any other value is ignored.
#
# Copy and uncomment the following default lines to change the values.
#
#LOG_FROM_REMOTE=YES
LOG_FROM_REMOTE=NO


Edit this file, and change the value of LOG_FROM_REMOTE from NO to YES,

restart the syslog daemon as detailed above, and try another test.


After making the changes to the /etc/default/syslogd file, and restarting

the syslogd daemon, re-test the Sun StorEdge T3/T3+ array logging, by running

the following command from the Sun StorEdge T3/T3+ array:


   stor-t300-b:/etc:<9>logger -p local7.notice second_message_from_t3


This time, the snoop shows a successful transfer of the message to the

syslog host.


 #>: snoop stor-t300-b
Using device /dev/eri (promiscuous mode)
thetee -> stor-t300-b  TELNET C port=39288
stor-t300-b -> thetee       TELNET R port=39288
thetee -> stor-t300-b  TELNET C port=39288
stor-t300-b -> thetee       TELNET R port=39288 stor-t300-b:/:<2>
thetee -> stor-t300-b  TELNET C port=39288
stor-t300-b -> thetee       SYSLOG R port=514 <189>Aug 02 06:13:57
stor-t300-b -> thetee       SYSLOG R port=514 <189>Aug 02 06:13:57


This message should appear in the /etc/syslog file, as well as the

/var/adm/t300.log file, as specified in the /etc/syslog.conf file.


-------------------------------------------------------------------------------



**** NOTE******



Check that the startup script /etc/init.d/syslog is not running syslog -t , as

this will also prevent the loghost from receiving messages from the Sun StorEdge

T3/T3+ array, even if /etc/default/syslogd has LOG_FROM_REMOTE=YES


Product
Sun StorageTek T3 Array

Sun StorageTek T3+ Array


 Internal Comments

 This document contains normalized content and is managed by the the Domain Lead(s) of the respective domains.



 

To notify content owners of a knowledge gap contained in this document, and/or prior to updating this document, please contact the domain engineers that are managing this document via the “Document Feedback” alias(es) listed below:

[email protected]

The Knowledge Work Queue for this article is KNO-STO-MIDRANGE_DISK
[email protected]


 remote, syslog, configuration, loghost, log, audited

 Previously Published As

 77608



 Change History

 Date: 2007-07-18

 User Name: 7058

 Action: Approved

 Comment: Updates OK to publish.

 Version: 13

 Date: 2007-07-18

 User Name: 7058

 Action: Accept

 Comment: 

 Version: 0

 Date: 2007-07-18

 User Name: 109562

 Action: Approved

 Comment: Ok

 Version: 0



Attachments

This solution has no attachment


















       

Copyright © 2011 Sun Microsystems, Inc.  All rights reserved.

 Feedback