1. Cartridge Packs
  2. Configuring the Syslog Collection Cartridge Pack

15 Configuring the Syslog Collection Cartridge Pack

This document describes how to configure the nodes included in the Oracle Communications Offline Mediation Controller Syslog Collection Cartridge Pack.

Topics in this document:

About the Syslog Collection Cartridge Pack

The Syslog Collection Cartridge Pack collects syslog files from multiple devices.

Configuring the Syslog CC Node

To configure the Syslog CC S CC node, you configure standard parameters, include file management and FTP connection configurations.

Syslog Configuration On Solaris 8, 9, and 10

The file /etc/syslog.conf contains information used by syslogd, the syslog daemon process, to forward a system message to appropriate log files and/or users. The syntax is explained below.

The configuration entry is composed of two tab-separated fields:

Syntax: <selector> <action>

Example 1: 

mail.alert          /var/adm/messages

Example 2: 

mail.alert          @10.13.3.28

Syslog Rotation On Solaris 8

The shell script newsyslog rotates the log file that is run by the cron job. This script is provided by Sun as part of the Solaris package. You can either edit this file or create your own script and add it to the cron tab. The file location is: /usr/lib/newsyslog.

Here is a sample newsyslog shell script: 

#! /bin/sh
LOG=TestLog
EXT=complete
cd /var/adm
if test -s $LOG
then
        test -f $LOG"_2."$EXT && mv $LOG"_2."$EXT $LOG"_3."$EXT
        test -f $LOG"_1."$EXT && mv $LOG"_1."$EXT $LOG"_2."$EXT
        test -f $LOG"_0."$EXT && mv $LOG"_0."$EXT $LOG"_1."$EXT
        test -f $LOG && mv $LOG   $LOG"_0."$EXT
        cp /dev/null $LOG
        chmod 644    $LOG
fi

Syslog Rotation On Solaris 9

The logadm is a general log rotation tool that is run by the cron job. You need to specify the configuration options for the logadm in the /etc/logadm.conf file. Then you can configure the cron job to run the rotation tool every hour, or for another specified time period.

The syntax is: <log name> <options>

For example: /var/adm/messages -C 10 -t '/var/adm/messages_$N.complete'

The necessary rotation options for a log file are as follows:

  • -s size: use b for bytes, k for kilobytes, m for megabytes, or g for gigabytes

  • -C count

  • -t template: specify the template to use when renaming log files:

    • $file - The full path name of the file to be rotated.

    • $n - The version number, 0 is most recent, 1 is next most recent, and so on.

    • $N - The same as $n, but starts at 1 instead of zero.

There are additional options but the above options are the only necessary ones for this cartridge pack.

If you are using the default configuration for the logadm, you need to configure the cron job as follows: 

0 * * * *    /usr/sbin/logadm

If you are using your own configuration for the logadm, you need to configure the cron job as follows: 

0 * * * *    /usr/sbin/logadm -f <config file name>

Using the example: /var/adm/messages -C 10 -t '/var/adm/messages_$N.complete', the log file will be rotated and renamed every hour as follows: 

/var/adm/messages_1.complete, /var/adm/messages_2.complete, /var/adm/messages_3.complete

........up to

/var/adm/messages_10.complete

Syslog Rotation On AIX 5.3

The file /etc/syslog.conf contains information used by syslogd and the syslog daemon process, to forward a system message to appropriate log files or users or both. Since AIX has no logrotate daemon running, you must adapt syslogd to do the syslog rotation. The format would be

Syntax: <selector> <action> <rotate_info>

Example 1:

mail.debug /var/log/mail rotate size 100k files 4  # 4 files, 100kB each

Example 2: 

user.debug /var/log/user rotate files 12 time 1h # 12 files, hourly rotate

Rotation can be based on size or time or both.

Size: This keyword specifies that rotation is based on size. It is followed by a number and either a k (kilobytes) or m (megabytes).

Time: This keyword specifies that rotation is based on time. It is followed by a number and either a h(hour) or d(day) or w(week) or m(month) or y(year).

NAR Attributes and Error Scenarios

Table 15-1 details the Network Accounting Record (NAR) attributes, as well as potential error scenarios.

Table 15-1 Network Accounting Record Attributes and Potential Errors

NAR ID Type Value

facility

string
This field can be blank or contain any of the following values:
  • user
  • kern
  • mail
  • daemon
  • auth
  • lpr
  • news

messageId

string

This field can be blank or contain a numeric value.

filename

string

Input file name.

processName

string

This field can be blank or contain a string value such as sendmail or mountd.

processId

string

This field can be blank or contain a numeric value.

message

string

Syslog message.

date

string

The date as a string value in the format:

MMM d HH:mm:ss

For example: Dec 2 16:40:50

level

string
This field can be blank or contain any of the following values:
  • emerg
  • alert
  • crit
  • err
  • warning
  • notice
  • info
  • debug
  • none

host

string

This field can be an IP address or host name.

nar_errorFlag

integer

A flag that indicates whether any problems were detected while parsing the CDR (0 means that no problems were detected and 1 means that a problem was detected).

The following are potential error situations where the node will skip the record and create a log:

  1. If date field is not in the format MMM d HH:mm:ss.

  2. If the processId is not a valid numeric value.

  3. If there are any missing fields in the input data, such as date, host or message, for example.

The node will create a log with the following format:

Invalid Data, File data not as expected, Invalid syslog record in 'filename' file: 'syslog_record' This record cannot be processed

For example: 

Invalid Data, File data not as expected, Invalid syslog record in 'message3.complete' file: '09 26 05:26:36 servcomnetdb25 mountd[5436]: [ID 882487 daemon.error] unable to create nfsauth service' This record cannot be processed

Known Problems

The following are known problems for this cartridge pack:

  1. In the event of an FTP session failure, the CC node will attempt to re-establish the session every 5 seconds, instead of the configured FTP Interval value on the FTP Settings tab. The CC node will continue to attempt a re-connection until it successfully transfers the file. The CC node will generate a log message for each unsuccessful FTP attempt. If there is a problem with the network or the FTP server, you may want to stop the CC node, fix the problem, and then restart the CC node.

  2. When provisioning the local directory where the CC node is to collect files, if the specified directory does not exist, the CC node will raise a critical alarm and will not start.

  3. When configuring the prefix and suffix values for the CC node, non-alphanumeric characters, such as . and _ are supported but the # and / characters are not supported. Using these unsupported characters can result in the use of unexpected values when the data files are being renamed.