Zones Console Logs
By Mike Gerdts-Oracle on May 07, 2014
You know how there's that thing that you've been meaning to do for a long time but never quite get to it? And then one day something just pushes you over the edge? This is a short story of being pushed over the edge.
As I was working on kernel zones, I rarely used zlogin -C to get to the console. And then I'd get a panic. If the panic happened early enough in boot that the dump device wasn't enabled, I'd lose all traces of what went wrong. That pushed me over the edge - time to implement console logging!
With Solaris 11.2, there's now a zone console log for all zone brands: you can find it at /var/log/zones/zonename.console.
root@kzx-05:~# zoneadm -z junk boot root@kzx-05:~# tail /var/log/zones/junk.console 2014-04-18 12:59:08 syncing file systems... done 2014-04-18 12:59:11 2014-04-18 12:59:11 [NOTICE: Zone halted] 2014-04-18 13:00:56 2014-04-18 13:00:56 [NOTICE: Zone booting up] 2014-04-18 13:00:59 Boot device: disk0 File and args: 2014-04-18 13:00:59 reading module /platform/i86pc/amd64/boot_archive...done. 2014-04-18 13:00:59 reading kernel file /platform/i86pc/kernel/amd64/unix...done. 2014-04-18 13:01:00 SunOS Release 5.11 Version 11.2 64-bit 2014-04-18 13:01:00 Copyright (c) 1983, 2014, Oracle and/or its affiliates. All rights reserved.
The output above will likely generate a few questions. Let me try to answer those.
Will this log passwords typed on the console?
Generally, passwords are entered in a way that they aren't echoed to the terminal. The console log only contains the characters written from the zone to the terminal - that is it logs the echoes. Characters you type that are never printed are never logged.
Can just anyone read the console log file?
No. You need to be root in the global zone to read the console log file.
How is log rotation handled?
Rules have been added to logadm.conf(4) to handle weekly log rotation.
I see a time stamp, but what time zone is that?
All time stamps are in the same time zone as svc:/system/zones:default. That should be the same as is reported by:
root@kzx-05:~# svcprop -p timezone/localtime timezone US/Pacific
Really, what does the time stamp mean?
It was the time that the first character of the line was written to the terminal. This means that if a line contains a shell prompt, the time is the time that the prompt was printed, not the time that the person finished entering a command.
I see other files in /var/log/zones. What are they?
zonename.messages contains various diagnostic information from zoneadmd. If all goes well, you will never need to look at that.
zoneadm.* contains log files from attach, install, clone, and uninstall operations. These files have existed since Solaris 11 first launched.