IBM Books

Administration Guide

Managing the BSD syslog facility

SP error logging utilizes the BSD syslog facility for recording error events.


To access the Syslog SMIT menu, enter:

smit spsyslog

Generating reports on BSD syslog log files

The syslogd daemon, which logs the errors, is configured with a file designating filters for the incoming messages to determine their destination. The default configuration file is /etc/syslog.conf. BSD syslog errors are classified by the facility that is issuing the error, and by the error's priority value. Refer to syslogd in the IBM AIX Commands Reference for a list of facility and priority values. Entries in the configuration file determine the destination for each error message based on these values. Destinations can be a file, user ID, or the syslogd daemon on another machine. We suggest that error messages be logged locally rather than forwarded to a remote syslogd because of the increased network traffic. File collections can be used to maintain consistent configuration of the syslog facility.

The format of a syslog log file is:

MMM DD HH:MM:SS node_name resource[pid]: msg


Timestamp (month day hour:minute:second)

The name of the node that the error occurred on

The name of the failing system

The optionally logged process ID of the failing resource.

A free form error message.

Errors logged by SP components will contain in the message section the following additional information pertaining to the logging resource:

LPP name



Line number or function


The fastpath invocation for the Generate a Syslog Report menu is:

smit spsyslrpt

From the command line

To report to the local node all records logged by ftp for all syslog log files on nodes in the current system partition, enter:

psyslrpt -a -r ftp

To report all records that logged to files selected for the daemon and user facilities starting on March 3 and to report the records to the local node from nodes host1 and host2, enter:

psyslrpt -w host1,host2 -f user,daemon -s 03030000

For complete details on the psyslrpt command, refer to the PSSP: Command and Technical Reference.

Trimming BSD syslog log files

The size of syslog log files is not configurable and will continue to grow until manually trimmed.


The fastpath invocation for the Trim Syslog Log Files menu is:

smit spsyslclr

From the command line

|To trim all entries older than 30 days from all syslog log files |specified in the syslog configuration file /etc/syslog.conf, |on all nodes in the local system partition, enter:

|psyslclr -a -y 30

|To trim all records older than 30 days from any log file, for instance the |/var/adm/SPlogs/SPdaemon.log file on the local node, use the |-l option such as:

|psyslclr -y 30 -l /var/adm/SPlogs/SPdaemon.log

|To trim all records from all log files specified in an alternate syslog |configuration file, for instance one named |/u/local/syslog.conf, use the -g option such |as:

|psyslclr -g /u/local/syslog.conf -y 0
The syslogd daemon is stopped during the trimming process, then restarted with either the default configuration file or an alternate file if specified with the -g option. For complete details see the psyslclr command in the book PSSP: Command and Technical Reference.

The psyslclr command can be added as a crontab entry for performing scheduled syslog trimming. On the control workstation, the psyslclr command is used to trim daemon facility messages older than six days. This is done in the /usr/lpp/ssp/bin/ script that is run from the crontabs file on the control workstation. (See Chapter 13, Maintaining the crontabs file for more information.)

[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]