IBM Support

PASE for System i and Syslog / Syslogd

Technote (troubleshooting)


Problem(Abstract)

This document provides basic information about syslog and syslogd as it pertains to PASE on System i.

Resolving the problem

The syslog API is used on UNIX systems to log messages regarding system operation. Messages sent using syslog are received by a syslogd daemon running in the background on a local system. The syslogd daemon routes the messages to a destination described by a configuration file. Messages can be logged locally or routed to another system across the network.

The syslog API and the associated syslogd daemon are provided on IBM i using the PASE for i runtime. The syslogd daemon needs to be manually configured and started to be used.

The syslog API is described in the AIX Information Center at the following URL:

http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.basetechref/doc/basetrf2/syslog.htm

The configuration of the syslogd daemon is described in the AIX Information Center at the following URL:

http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.cmds/doc/aixcmds5/syslogd.htm

One deviation from this documentation is that the syslogd configuration file on IBM i is named /QOpenSys/etc/syslog.conf, versus /etc/syslog.conf and must be created (it does not exist by default).

The IBM i operating system does not log system operation messages using the syslog API. 5250 green screen, ftp, iSeries Navigator, and other native IBM i connections will not be logged using syslog. IBM i object authorization errors will not be logged to by syslog either. IBM i logs these types of messages using facilities such as the QSYSOPR message queue and the QAUDJRN security audit journal. Some programs ported to IBM i (such as OpenSSH) will log messages to both syslog and an IBM i facility. There are third-party products available to capture and resend IBM i system operation messages using syslog. For example:

o The syslog-ng Agent for IBM System i:
//www.balabit.com/network-security/syslog-ng/central-syslog-server/ibm-system-i/

o Townsend Security Solutions Alliance LogAgent:
//patownsend.com/cms_uploads/file/WhitePapers/Alliance_LogAgent_Solution_Brief.pdf

o PowerTech Interact:
//www.powertech.com/powertech/PowerTech_Web_Interact.asp

o SafeStone iConnect
//www.safestone.com/iConnect

If the syslogd daemon is not running when the syslog API is used, the system routes message priorities LOG_EMERG, LOG_ALERT and LOG_CRIT to the *REQUESTER message queue (in other words, QSYSOPR for batch jobs, or the user's message queue for an interactive job). LOG_ERR and LOG_WARNING priorities are sent to the joblog as *DIAG messages. LOG_NOTICE, LOG_INFO, and LOG_DEBUG are sent to the joblog as *INFO messages.

The logging priorities used by syslog can be found in the following include file:

/usr/include/sys/syslog.h

and are noted below:

/* Priorities (these are ordered - smaller number is a higher priority) */
#define LOG_EMERG   0    /* system is unusable */
#define LOG_ALERT   1    /* action must be taken immediately */
#define LOG_CRIT    2    /* critical conditions */
#define LOG_ERR     3    /* error conditions */
#define LOG_WARNING 4    /* warning conditions */
#define LOG_NOTICE  5    /* normal but signification condition */
#define LOG_INFO    6    /* informational */
#define LOG_DEBUG   7    /* debug-level messages */


Cross reference information
Segment Product Component Platform Version Edition
Operating System IBM i 7.2
Operating System IBM i 7.1
Operating System IBM i 6.1

Historical Number

518681384

Document information

More support for: IBM i
Programming (Languages- compilers- tools)

Software version: 5.1.0, 5.2.0, 5.3.0, 5.3.5, 5.4.0, 5.4.5, 6.1, 6.1.0, 6.1.1, 7.1, 7.1.0, 7.2, 7.2.0

Operating system(s): IBM i

Reference #: N1013082

Modified date: 20 December 2012


Translate this page: