2021-03-17 21:05:54 +00:00
# AIX errlogger to remote syslog
Instructions for how to forward errlogger messages from IBM AIX and IBM Power Systems VIO Servers to a remote logging solution.
2021-03-24 07:05:14 +00:00
More information about the AIX errlogger is available on the IBM [knowledge center ](https://www.ibm.com/support/knowledgecenter/ssw_aix_72/generalprogramming/error_notice.html ).
2021-03-17 21:05:54 +00:00
## On each AIX / VIO Server
### Prepare the local syslog service
2023-01-03 11:49:21 +00:00
Configure the local syslog service to forward messages to our remote [syslogd ](https://git.data.coop/nellemann/syslogd/ ) service.
2021-03-17 21:05:54 +00:00
Create an empty local log file:
```shell
touch /var/log/error.log
```
Add the following to the /etc/syslog.conf file:
```text
# Remote logging to remote host on port 514/UDP (AIX does not support non-default port number)
*.warn @10 .32.64.1
# Also log to a local file, rotated daily and kept for 7 days
*.warn /var/log/error.log rotate time 1d files 7
2021-03-24 07:05:14 +00:00
# Optionally log authentication messages to remote host
2021-03-24 10:10:19 +00:00
#auth.info,authpriv.info @10.32.64.1
2021-03-17 21:05:54 +00:00
```
We use *10.32.64.1* as our remote syslog server in the above example.
Restart the syslogd service:
```shell
refresh -s syslogd
```
### Forward errlogger to the local syslog
2023-01-25 07:47:31 +00:00
We configure the AIX [error logger ](https://www.ibm.com/docs/en/aix/7.3?topic=concepts-error-logging-overview ) to forward messages to the local syslog service.
2021-03-17 21:05:54 +00:00
Create an odm errnotify logging template file:
```shell
cat < < EOF > /tmp/err.tpl
errnotify:
en_name = "syslog1"
en_persistenceflg = 1
en_method = "/usr/bin/logger -plocal0.err [errnotify] seq: \$1 - \$(/usr/bin/errpt -l \$1 | tail -1)"
EOF
```
Add the template:
```shell
odmadd /tmp/err.tpl
```
Verify messages show up in the local syslog */var/log/error.log* file:
```shell
odmget -q"en_name='syslog1'" errnotify
errlogger system Test
```
#### Notes
If you need to delete the errnotify again:
```shell
odmdelete -o errnotify -q"en_name=syslog1"
```
To lookup err message details by a seq. no, run:
```shell
errpt -a -l [seq-no]
```
Or from the padmin shell:
```shell
errlog -ls -seq [seq-no]
```