7.7.1.2.4.4 SYSLOG Attributes

Configuring SYSLOG Attributes: syslogconf and syslogFormat

The syslogconf attribute extends syslog rules for a cell. The attribute can be used to designate that syslog messages be forwarded to a specified management server. On the management server, the forwarded messages are directed to a file, console, or management application, depending on the syslog configuration on the management server. The syntax for configuring this attribute is: 

syslogconf = ('selector @node' [, 'selector @node']... )

In the preceding syntax, selector is the message type, and node is the specified server. Both variables follow syslog.conf standard syntax rules.

  • The facility option for the syslogconf attribute must be one of the following: auth, authpriv, cron, daemon, ftp, kern, lpr, mail, mark, news, security, syslog, user, uucp, local0, local1, local2, local3, local4, local5, local6, local7, none, and *.

  • The priority option for the syslogconf attribute must be one of the following: alert, crit, debug, emerg, err, error, info, notice, panic, warn, warning, none, and * (asterisk).

The ALTER CELL VALIDATE syslogconf selector command sends a test log message. The test message is directed as specified by rules in the /etc/syslog.conf file. If the syslogconf assignment extends the syslog rules, then a test message is forwarded to the specified management servers.

Starting with Oracle Exadata System Software release 19.1.0, you can use the syslogFormat attribute to change the standard format for syslog to any format by setting the value to the desired format string. Setting the syslogFormat attribute to an empty string removes the format change, reverting the syslog format to the default format. If the format string contains a control character, it must be preceded by a backslash when entering the command.

See Example 7-24 for examples of the syntax.

Starting with Oracle Exadata System Software release 19.3.0, you can use the syslogFormat attribute to enable sending syslog in an encrypted format. For the complete configuration steps, refer to Encrypting System Log Information.

Example 7-21 Using the syslogconf Attribute

This example shows how to add a rule using the syslogconf attribute.

CellCLI> ALTER CELL syslogconf=('*.err;authpriv.none @loghost', -
         '*.emerg @loghost')

Example 7-22 Adding and Validating a Rule

This example shows how to add and validate a rule with test message.

CellCLI> ALTER CELL syslogconf=('kern.crit @loghost')
CellCLI> ALTER CELL VALIDATE syslogconf   'kern.crit'

Example 7-23 Removing All syslog.conf Rules

This example shows how to remove the syslog.conf rule. 

CellCLI> ALTER CELL syslogconf=''

Example 7-24 Setting the Syslog Format to a Custom String Then Reverting to the Default Format

This example shows how to specify a customized format for syslog.

CellCLI> ALTER CELL syslogformat="%TIMESTAMP:::date-rfc3339% %HOSTNAME%%syslogtag%
%syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\\n"

CellCLI> ALTER CELL syslogformat="%TIMESTAMP% %HOSTNAME% %msg%\\n"

CellCLI> ALTER CELL syslogformat=""

Configuring additional log forwarding: syslogInput

Starting with Oracle Exadata System Software release 22.1, the syslogInput attribute enables syslog on the local host (database server or storage server) to forward additional logs to remote log servers.

The syntax for configuring the syslogInput attribute is: 

syslogInput = ('selector @[@]node[:remote_port]' [, 'selector @[@]node[:remote_port]']... )

In the preceding syntax, selector specifies the additional logs being forwarded. The selector value can contain the following entries:

  • audit - Specifies the audit log at /var/log/audit/audit.log.

  • aide - Specifies the Advanced Intrusion Detection Environment (AIDE) log at /var/log/aide/aide.log.

  • yum - Specifies the YUM log at /var/log/yum.log.

Multiple selector entries must be separated by a semicolon (;) character.

Each node is specified using the hostname or IP address preceded by one or two at sign (@) characters. You can include one at sign (@) to use UDP for communications or specify two at sign characters (@@) to use TCP.

By default, the remote system receives communications on port 514, which is the default rsyslogd port. You can specify another port number by appending a colon (:) character and remote port number to the node specification

In the following example, loghost1 is configured to receive audit and AIDE logs using UDP on the default rsyslogd port (514). Also, loghost2 is configured to receive YUM logs using TCP on port 10514. 

CellCLI> ALTER CELL syslogInput=('audit;aide @loghost1','yum @@loghost2:10514')

To stop and remove additional log forwarding, set syslogInput to an empty string. For example: 

CellCLI> ALTER CELL syslogInput=''

Configuring the ILOM SYSLOG: ilomSyslogClients

Starting with Oracle Exadata System Software release 21.2.0, the ilomSyslogClients attribute specifies the remote destination to forward syslog messages from the Integrated Lights Out Manager (ILOM) service processor (SP).

The ilomSyslogClients attribute accepts a comma-separated list of up to two loghost servers. For each loghost server, you must specify a valid hostname or IP address.

For example:

CellCLI> ALTER CELL ilomSyslogClients="192.0.2.101,192.0.2.201"

Note:

The specified ilomSyslogClients must listen on port 514 to receive the ILOM syslog messages.

Parent topic: ALTER CELL Commands for Setting Attributes