syslog.conf
DESCRIPTION
The syslog.conf file is the main configuration file for
the syslogd(8) which logs system messages on *nix systems.
This file specifies rules for logging. For special fea
tures see the sysklogd(8) manpage.
Every rule consists of two fields, a selector field and an
action field. These two fields are separated by one or
more spaces or tabs. The selector field specifies a pat
tern of facilities and priorities belonging to the speci
fied action.
Lines starting with a hash mark (``#'') and empty lines
are ignored.
This release of syslogd is able to understand an extended
syntax. One rule can be divided into several lines if the
leading line is terminated with an backslash (``\'').
SELECTORS
The selector field itself again consists of two parts, a
facility and a priority, separated by a period (``.'').
Both parts are case insensitive and can also be specified
as decimal numbers, but don't do that, you have been
warned. Both facilities and priorities are described in
syslog(3). The names mentioned below correspond to the
similar LOG_-values in /usr/include/syslog.h.
The facility is one of the following keywords: auth, auth
priv, cron, daemon, kern, lpr, mail, mark, news, security
(same as auth), syslog, user, uucp and local0 through
local7. The keyword security should not be used anymore
and mark is only for internal use and therefore should not
be used in applications. Anyway, you may want to specify
and redirect these messages here. The facility specifies
the subsystem that produced the message, i.e. all mail
programs log with the mail facility (LOG_MAIL) if they log
using syslog.
The priority is one of the following keywords, in ascend
ing order: debug, info, notice, warning, warn (same as
warning), err, error (same as err), crit, alert, emerg,
panic (same as emerg). The keywords error, warn and panic
are deprecated and should not be used anymore. The prior
ity defines the severity of the message
The behavior of the original BSD syslogd is that all mes
sages of the specified priority and higher are logged
according to the given action. This syslogd(8) behaves
the same, but has some extensions.
selector in the selector field is capable to overwrite the
preceding ones. Using this behavior you can exclude some
priorities from the pattern.
This syslogd(8) has a syntax extension to the original BSD
source, that makes its use more intuitively. You may pre
cede every priority with an equation sign (``='') to spec
ify only this single priority and not any of the above.
You may also (both is valid, too) precede the priority
with an exclamation mark (``!'') to ignore all that prior
ities, either exact this one or this and any higher prior
ity. If you use both extensions than the exclamation mark
must occur before the equation sign, just use it intu
itively.
ACTIONS
The action field of a rule describes the abstract term
``logfile''. A ``logfile'' need not to be a real file,
btw. The syslogd(8) provides the following actions.
Regular File
Typically messages are logged to real files. The file has
to be specified with full pathname, beginning with a slash
``/''.
You may prefix each entry with the minus ``-'' sign to
omit syncing the file after every logging. Note that you
might lose information if the system crashes right behind
a write attempt. Nevertheless this might give you back
some performance, especially if you run programs that use
logging in a very verbose manner.
Named Pipes
This version of syslogd(8) has support for logging output
to named pipes (fifos). A fifo or named pipe can be used
as a destination for log messages by prepending a pipe
symbol (``|'') to the name of the file. This is handy for
debugging. Note that the fifo must be created with the
mkfifo(1) command before syslogd(8) is started.
Terminal and Console
If the file you specified is a tty, special tty-handling
is done, same with /dev/console.
Remote Machine
This syslogd(8) provides full remote logging, i.e. is able
to send messages to a remote host running syslogd(8) and
specify more than one user by separating them with commas
(``,''). If they're logged in they get the message.
Don't think a mail would be sent, that might be too late.
Everyone logged on
Emergency messages often go to all users currently online
to notify them that something strange is happening with
the system. To specify this wall(1)-feature use an aster
isk (``*'').
EXAMPLES
Here are some example, partially taken from a real exist
ing site and configuration. Hopefully they rub out all
questions to the configuration, if not, drop me (Joey) a
line.
# Store critical stuff in critical
#
*.=crit;kern.none /var/adm/critical
This will store all messages with the priority crit in the
file /var/adm/critical, except for any kernel message.
# Kernel messages are first, stored in the kernel
# file, critical messages and higher ones also go
# to another host and to the console
#
kern.* /var/adm/kernel
kern.crit @finlandia
kern.crit /dev/console
kern.info;kern.!err /var/adm/kernel-info
The first rule direct any message that has the kernel
facility to the file /var/adm/kernel.
The second statement directs all kernel messages of the
priority crit and higher to the remote host finlandia.
This is useful, because if the host crashes and the disks
get irreparable errors you might not be able to read the
stored messages. If they're on a remote host, too, you
still can try to find out the reason for the crash.
The third rule directs these messages to the actual con
sole, so the person who works on the machine will get
them, too.
The fourth line tells the syslogd to save all kernel mes
sages that come with priorities from info up to warning in
the file /var/adm/kernel-info. Everything from err and
#
mail.*;mail.!=info /var/adm/mail
This pattern matches all messages that come with the mail
facility, except for the info priority. These will be
stored in the file /var/adm/mail.
# Log all mail.info and news.info messages to info
#
mail,news.=info /var/adm/info
This will extract all messages that come either with
mail.info or with news.info and store them in the file
/var/adm/info.
# Log info and notice messages to messages file
#
*.=info;*.=notice;\
mail.none /var/log/messages
This lets the syslogd log all messages that come with
either the info or the notice facility into the file
/var/log/messages, except for all messages that use the
mail facility.
# Log info messages to messages file
#
*.=info;\
mail,news.none /var/log/messages
This statement causes the syslogd to log all messages that
come with the info priority to the file /var/log/messages.
But any message coming either with the mail or the news
facility will not be stored.
# Emergency messages will be displayed using wall
#
*.=emerg *
This rule tells the syslogd to write all emergency mes
sages to all currently logged in users. This is the wall
action.
# Messages of the priority alert will be directed
# to the operator
#
*.alert root,joey
CONFIGURATION FILE SYNTAX DIFFERENCES
Syslogd uses a slightly different syntax for its configu
ration file than the original BSD sources. Originally all
messages of a specific priority and above were forwarded
to the log file. The modifiers ``='', ``!'' and ``-''
were added to make the syslogd more flexible and to use it
in a more intuitive manner.
The original BSD syslogd doesn't understand spaces as sep
arators between the selector and the action field.
FILES
/etc/syslog.conf
Configuration file for syslogd
BUGS
The effects of multiple selectors are sometimes not intu
itive. For example ``mail.crit,*.err'' will select
``mail'' facility messages at the level of ``err'' or
higher, not at the level of ``crit'' or higher.
SEE ALSO
sysklogd(8), klogd(8), logger(1), syslog(2), syslog(3)
AUTHORS
The syslogd is taken from BSD sources, Greg Wettstein
(greg@wind.enjellic.com) performed the port to Linux, Mar
tin Schulze (joey@linux.de) made some bugfixes and added
some new features.
Version 1.3 1 January 1998 SYSLOG.CONF(5)
|