How to parse syslog.conf for errors?

[duke2nuke]

Hi,

Is there anyone know how to parse syslog.conf in Solaris 11.1? I made changes in syslog file for more loggings since then
syslog has stopped writing on log files, for example /var/adm/messages is empty.

Though system doesn't complain about the error in syslog.conf file, but I know for sure there is something wrong with the file, I have
restarted log service in SMF but no luck.

can anyone help?
here is my syslog.conf file:

===================================
#
#ident "%Z%%M% %I% %E% SMI" /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#
# FTP Transfers are logged in /var/log/xferlog


*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages

*.alert;kern.err;daemon.err operator
*.alert root

*.emerg *

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)

mail.debug /var/log/syslog

#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#

#******************************************************
# Logging for all successful and failed login *
#******************************************************

auth.info /var/log/authlog
local0.info /var/log/logins

#******************************************************
#* Capture Failed Authentication errors *
#******************************************************

auth.info;auth.notice /var/log/auth/auth.info
auth.warning /var/log/auth/auth.warning
#auth.debug /var/log/auth/auth.debug
auth.err;auth.crit;auth.emerg /var/log/auth/auth.err

#******************************************************
# Logging for SSH Alerts *
#******************************************************

local1.info /var/log/ssh/ssh.info

#******************************************************
# Logging for Kernel Alerts *
#******************************************************

kern.info;kern.notice /var/log/kernel/kernel.info
kern.warning /var/log/kernel/kernel.warning
#kern.debug /var/log/kernel/kernel.debug
kern.err;kern.crit;kern.emerg /var/log/kernel/kernel.err

#******************************************************
# Logging for User Alerts *
#******************************************************

user.info;user.notice /var/log/user/user.info
user.warning /var/log/user/user.warning
#user.debug /var/log/user/user.debug
user.err;user.crit;user.emerg /var/log/user/user.err

#******************************************************
# Logging for daemon Alerts *
#******************************************************

daemon.info;daemon.notice /var/log/daemon/daemon.info
daemon.warning /var/log/daemon/daemon.warning
daemon.debug /var/log/daemon/daemon.debug rotate time 3m files 3
daemon.err;daemon.crit;daemon.emerg /var/log/daemon/daemon.err

#******************************************************
# Logging for Mail Alerts *
#******************************************************

mail.info;mail.notice /var/log/mail/mail.info
mail.warning /var/log/mail/mail.warning
mail.debug /var/log/mail/mail.debug
mail.err;mail.crit;mail.emerg /var/log/mail/mail.err



Thanks

 

[Annihilannic]

I haven't touched Solaris for a few years now, but the most common problem used to be using spaces instead of tabs. syslog.conf at the time only supported tabs as field separators.

Annihilannic
[small]tgmlify - code syntax highlighting for your tek-tips posts[/small]