Configuring rsyslog on Solaris 11

By default, Solaris uses its native syslog as the log manager:

svcs system-log
STATE          STIME    FMRI
disabled       12:07:34 svc:/system/system-log:rsyslog
online         12:08:10 svc:/system/system-log:default

If you want to use rsyslog, check if the package is installed (on my machine it’s already there):

pkg info system/rsyslog

To install it:

pkg install system/rsyslog

Now, to use rsyslog, first you have to disable the native syslog:

svcadm disable system/system-log:default

Then enable and refresh the rsyslog service:

svcadm enable system/system-log:rsyslog
svcadm refresh system/system-log:rsyslog

To check the status:

svcs -p rsyslog
STATE          STIME    FMRI
online         12:10:04 svc:/system/system-log:rsyslog
               12:10:04      1199 rsyslogd
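
Between disabling the native instance and rsyslog coming online the host has no active logger, so it is worth confirming the end state rather than assuming it. The script below is an added example, not part of the original procedure: it reads `svcs -H -o state,fmri system-log` output and reports which instance is active. The function name `check_syslog_state` and the verdict strings are made up for this example.

```shell
#!/bin/sh
# Added example. check_syslog_state reads "STATE FMRI" lines on stdin
# (the format of `svcs -H -o state,fmri system-log`) and prints a verdict.
# It returns 0 only when rsyslog is the single online system-log instance.
check_syslog_state() {
    rsys=absent
    native=absent
    while read -r state fmri; do
        case "$fmri" in
            *system-log:rsyslog) rsys=$state ;;
            *system-log:default) native=$state ;;
        esac
    done
    # A transitional state such as "online*" is deliberately not treated
    # as online: the instance has not finished starting yet.
    case "$rsys/$native" in
        online/online)
            echo "both-online"
            return 1 ;;
        online/*)
            echo "rsyslog-active"
            return 0 ;;
        */online)
            echo "native-active"
            return 1 ;;
        *)
            # Neither instance is online (e.g. rsyslog in maintenance after
            # the native one was disabled): nothing is collecting logs.
            echo "none-online (rsyslog=$rsys native=$native)"
            return 1 ;;
    esac
}

# Constructed sample matching the state expected after the switch.
sample='disabled       svc:/system/system-log:default
online         svc:/system/system-log:rsyslog'
printf '%s\n' "$sample" | check_syslog_state

# On a Solaris host, feed it the live state instead:
#   svcs -H -o state,fmri system-log | check_syslog_state
```

A `none-online` verdict after the switch usually means rsyslog failed to start; `svcs -x system-log:rsyslog` explains why.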