While the ability for the z/OS® syslogd to receive remote messages can be very useful, it is important that appropriate planning take place to ensure that the additional remote message traffic that syslogd receives does not create a performance issue or impede the ability for the local z/OS syslogd to perform its processing. The following configuration options can help reduce such risks:
The OPERLOG log stream must be configured and active before using the syslogd /dev/operlog destination. If the OPERLOG log stream is not active when syslogd attempts to log a message to the /dev/operlog destination, message FSUM1234 is logged with a facility.priority value of daemon.error. If the OPERLOG log stream later becomes active, message FSUM1235 is logged with a facility.priority value of daemon.info, and logging to OPERLOG automatically begins. For more information about using OPERLOG, see z/OS MVS Planning: Operations.
(host1.xyz.com).*.* /dev/operlog
(host2.xyz.com).*.* /dev/operlog
In this example,
syslogd resolves the specified host names to the IP addresses associated
with those hosts during initialization by invoking the system resolver
services. After initialization is complete and syslogd begins receiving
remote messages, it first checks to determine whether the incoming
messages match any of the specified configuration statements. In this
example, syslogd processes only remote messages that have a source
IP address associated with the hosts host1.xyz.com or host2.xyz.com,
and logs these messages in the MVS operations
log. Assuming that no other configuration statements are specified,
any messages received from other hosts are discarded. Specifying configuration statements that identify each remote host using a host name also has the additional benefit of enabling these remote messages to include a host name identification when they are logged locally, without incurring the overhead of a host name resolver lookup for each incoming message. The per-message host name resolver lookup can be disabled using the -x syslogd option. If the ability to perform a resolver lookup for every message is necessary or useful in your environment, you should use the system resolver cache function (see Customizing the resolver and Resolver caching). If host name resolution is performed, and the message was received over a link-local IP address, the resolved host name might include scope information that identifies the interface over which the message was received. For more details on support for scope information on a host name, see z/OS Communications Server: IPv6 Network and Application Design Guide.
In addition to host names, remote syslogd instances can also be identified using IPv4 or IPv6 addresses or by specifying an IPv4 subnetwork or IPv6 network prefix. For example:
(10.42.105/24).*.* /dev/operlog
(10.43.110.15).*.* /tmp/otherlog
In this example, any remote messages received from hosts using an IP address in subnetworks 10.42.105.0 to 10.42.105.255 are logged in the MVS operations log, while messages received from the host identified by 10.43.110.15 are logged in the /tmp/otherlog file.
(host1.xyz.com).*.crit /dev/operlog
(host2.xyz.com).*.crit /dev/operlog
With these configuration
statements, syslogd logs only messages received from hosts host1 and
host2 that have a critical priority to the MVS operations log. Assuming that no other configuration
statements are specified, any other messages received from those hosts
are discarded.