Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
Linux Tracker

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
Copyright Info
Terms of Use
Privacy Info
Masthead / Impressum
Your Account

Private Messages

News Archive
Submit News
User Articles
Web Links


The Web

Who's Online
There are currently, 154 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here




       The  syslog.conf  file  is the main configuration file for
       the syslogd(8) which logs system messages on *nix systems.
       This  file  specifies rules for logging.  For special fea­
       tures see the sysklogd(8) manpage.

       Every rule consists of two fields, a selector field and an
       action  field.   These  two fields are separated by one or
       more spaces or tabs.  The selector field specifies a  pat­
       tern  of facilities and priorities belonging to the speci­
       fied action.

       Lines starting with a hash mark (``#'')  and  empty  lines
       are ignored.

       This  release of syslogd is able to understand an extended
       syntax.  One rule can be divided into several lines if the
       leading line is terminated with an backslash (``\'').


       The  selector  field itself again consists of two parts, a
       facility and a priority, separated by  a  period  (``.'').
       Both  parts are case insensitive and can also be specified
       as decimal numbers, but  don't  do  that,  you  have  been
       warned.   Both  facilities and priorities are described in
       syslog(3).  The names mentioned below  correspond  to  the
       similar LOG_-values in /usr/include/syslog.h.

       The facility is one of the following keywords: auth, auth­
       priv, cron, daemon, kern, lpr, mail, mark, news,  security
       (same  as  auth),  syslog,  user,  uucp and local0 through
       local7.  The keyword security should not be  used  anymore
       and mark is only for internal use and therefore should not
       be used in applications.  Anyway, you may want to  specify
       and  redirect these messages here.  The facility specifies
       the subsystem that produced the  message,  i.e.  all  mail
       programs log with the mail facility (LOG_MAIL) if they log
       using syslog.

       The priority is one of the following keywords, in  ascend­
       ing  order:  debug,  info,  notice, warning, warn (same as
       warning), err, error (same as err),  crit,  alert,  emerg,
       panic (same as emerg).  The keywords error, warn and panic
       are deprecated and should not be used anymore.  The prior­
       ity defines the severity of the message

       The  behavior of the original BSD syslogd is that all mes­
       sages of the specified  priority  and  higher  are  logged
       according  to  the  given action.  This syslogd(8) behaves
       the same, but has some extensions.

       selector in the selector field is capable to overwrite the
       preceding  ones.  Using this behavior you can exclude some
       priorities from the pattern.

       This syslogd(8) has a syntax extension to the original BSD
       source, that makes its use more intuitively.  You may pre­
       cede every priority with an equation sign (``='') to spec­
       ify  only  this  single priority and not any of the above.
       You may also (both is valid,  too)  precede  the  priority
       with an exclamation mark (``!'') to ignore all that prior­
       ities, either exact this one or this and any higher prior­
       ity.  If you use both extensions than the exclamation mark
       must occur before the equation sign,  just  use  it  intu­


       The  action  field  of  a rule describes the abstract term
       ``logfile''.  A ``logfile'' need not to be  a  real  file,
       btw.  The syslogd(8) provides the following actions.

   Regular File
       Typically messages are logged to real files.  The file has
       to be specified with full pathname, beginning with a slash

       You  may  prefix  each  entry with the minus ``-'' sign to
       omit syncing the file after every logging.  Note that  you
       might  lose information if the system crashes right behind
       a write attempt.  Nevertheless this might  give  you  back
       some  performance, especially if you run programs that use
       logging in a very verbose manner.

   Named Pipes
       This version of syslogd(8) has support for logging  output
       to  named pipes (fifos).  A fifo or named pipe can be used
       as a destination for log messages  by  prepending  a  pipe
       symbol (``|'') to the name of the file.  This is handy for
       debugging.  Note that the fifo must be  created  with  the
       mkfifo(1) command  before syslogd(8) is started.

   Terminal and Console
       If  the  file you specified is a tty, special tty-handling
       is done, same with /dev/console.

   Remote Machine
       This syslogd(8) provides full remote logging, i.e. is able
       to  send  messages to a remote host running syslogd(8) and
       specify more than one user by separating them with  commas
       (``,'').   If  they're  logged  in  they  get the message.
       Don't think a mail would be sent, that might be too  late.

   Everyone logged on
       Emergency  messages often go to all users currently online
       to notify them that something strange  is  happening  with
       the system.  To specify this wall(1)-feature use an aster­
       isk (``*'').


       Here are some example, partially taken from a real  exist­
       ing  site  and  configuration.  Hopefully they rub out all
       questions to the configuration, if not, drop me  (Joey)  a

              # Store critical stuff in critical
              *.=crit;kern.none            /var/adm/critical

       This will store all messages with the priority crit in the
       file /var/adm/critical, except for any kernel message.

              # Kernel messages are first, stored in the kernel
              # file, critical messages and higher ones also go
              # to another host and to the console
              kern.*                       /var/adm/kernel
              kern.crit                    @finlandia
              kern.crit                    /dev/console
              kern.info;kern.!err          /var/adm/kernel-info

       The first rule direct any  message  that  has  the  kernel
       facility to the file /var/adm/kernel.

       The  second  statement  directs all kernel messages of the
       priority crit and higher to  the  remote  host  finlandia.
       This  is useful, because if the host crashes and the disks
       get irreparable errors you might not be able to  read  the
       stored  messages.   If  they're on a remote host, too, you
       still can try to find out the reason for the crash.

       The third rule directs these messages to the  actual  con­
       sole,  so  the  person  who  works on the machine will get
       them, too.

       The fourth line tells the syslogd to save all kernel  mes­
       sages that come with priorities from info up to warning in
       the file /var/adm/kernel-info.  Everything  from  err  and
              mail.*;mail.!=info           /var/adm/mail

       This pattern matches all messages that come with the  mail
       facility,  except  for  the  info priority.  These will be
       stored in the file /var/adm/mail.

              # Log all mail.info and news.info messages to info
              mail,news.=info              /var/adm/info

       This will extract  all  messages  that  come  either  with
       mail.info  or  with  news.info  and store them in the file

              # Log info and notice messages to messages file
                   mail.none  /var/log/messages

       This lets the syslogd log  all  messages  that  come  with
       either  the  info  or  the  notice  facility into the file
       /var/log/messages, except for all messages  that  use  the
       mail facility.

              # Log info messages to messages file
                   mail,news.none       /var/log/messages

       This statement causes the syslogd to log all messages that
       come with the info priority to the file /var/log/messages.
       But  any  message  coming either with the mail or the news
       facility will not be stored.

              # Emergency messages will be displayed using wall
              *.=emerg                     *

       This rule tells the syslogd to write  all  emergency  mes­
       sages  to all currently logged in users.  This is the wall

              # Messages of the priority alert will be directed
              # to the operator
              *.alert                      root,joey


       Syslogd  uses a slightly different syntax for its configu­
       ration file than the original BSD sources.  Originally all
       messages  of  a specific priority and above were forwarded
       to the log file.  The modifiers ``='',  ``!''   and  ``-''
       were added to make the syslogd more flexible and to use it
       in a more intuitive manner.

       The original BSD syslogd doesn't understand spaces as sep­
       arators between the selector and the action field.


              Configuration file for syslogd


       The  effects of multiple selectors are sometimes not intu­
       itive.   For  example  ``mail.crit,*.err''   will   select
       ``mail''  facility  messages  at  the  level of ``err'' or
       higher, not at the level of ``crit'' or higher.


       sysklogd(8), klogd(8), logger(1), syslog(2), syslog(3)


       The syslogd is taken  from  BSD  sources,  Greg  Wettstein
       (greg@wind.enjellic.com) performed the port to Linux, Mar­
       tin Schulze (joey@linux.de) made some bugfixes  and  added
       some new features.

Version 1.3               1 January 1998           SYSLOG.CONF(5)



Security Code
Security Code
Type Security Code

Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!

Amazon Wish List

Did You Know?
The Linux Tutorial can use your help.


Tell a Friend About Us

Bookmark and Share

Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.09 Seconds