Skip to main content

Logging

All Bravura Security Fabric Unix-based applications use syslog to store information. See the Unix man page for more details on syslog.

You can configure psunix facility and level options in psunix.cfg to control logging behavior.

By default the logger directs any logging to syslog through the LOG_USER facility. Use the facility setting to direct the logging to another syslog facility. Valid values are:

  • LOG_AUTH

  • LOG_AUTHPRIV

  • LOG_CRON

  • LOG_DAEMON

  • LOG_FTP

  • LOG_KERN

  • LOG_LOCAL0

  • LOG_LOCAL1

  • LOG_LOCAL2

  • LOG_LOCAL3

  • LOG_LOCAL4

  • LOG_LOCAL5

  • LOG_LOCAL6

  • LOG_LOCAL7

  • LOG_LPR

  • LOG_MAIL

  • LOG_NEWS

  • LOG_SYS

  • LOG

  • LOG_USER

  • LOG_UUCP

Example:

facility = "LOG_USER";

The log level option allows the logger to filter content of a specified level and higher out of syslog. Higher logging levels result in more verbose entries in syslog. This is not to be confused with the syslog log level configuration option, which directs tagged messages to the appropriate logging queues.

By default, the logging level is set to 5 (debug level), effectively causing most of psunix logging to be directed to syslog. This does not mean that syslog logs all that we send. Rather, syslog uses syslog.conf (see the syslog.conf man page) to filter and direct logging as it sees fit.

Valid logging levels:

  • nolog=0

  • error=1

  • warning=2

  • notice=3

  • info=4

  • debug=5

Example:

level = "5";

The [facility].[actualseverity from each message] will be tagged to each message sent to syslog. You can use syslog.conf (or its equivalent, if using other system loggers such as syslog-ng) to direct the messages accordingly. For example, use one of the local facilities, such as local0/LOG_LOCAL0, and redirect all psunix output to a separate file to facilitate troubleshooting.

Note that if your system has any "catch-all" rules in syslog.conf, these will be triggered in addition to logging as configured by the psunix.cfg facility option. For example:

   # Some ‘catch-all' logfiles. 
   # 
   *.=debug;\ 
           auth,authpriv.none;\ 
           news.none;mail.none     -/var/log/debug 
   *.=info;*.=notice;*.=warn;\ 
           auth,authpriv.none;\ 
           cron,daemon.none;\ 
           mail,news.none          -/var/log/messages

makes psunix debug output go into /var/log/debug in addition to the /var/log/local0 file as configured by the facility option. To only keep Bravura Security Fabric logs in one file, you would need to add lines such as:

local0.none;

to all the catch-all *.level entries in syslog.conf.

In this section: