Version 1 (author: perry), including all changes.

!!!SYSLOG.CONF
NAME
DESCRIPTION
SELECTORS
ACTIONS
EXAMPLES
CONFIGURATION FILE SYNTAX DIFFERENCES
FILES
BUGS
SEE ALSO
AUTHORS
----
!!NAME

syslog.conf - syslogd(8) configuration file

!!DESCRIPTION

The ''syslog.conf'' file is the main configuration file for syslogd(8), which logs system messages on *nix systems. This file specifies rules for logging. For special features see the sysklogd(8) manpage.

Every rule consists of two fields, a ''selector'' field and an ''action'' field. These two fields are separated by one or more spaces or tabs. The selector field specifies a pattern of facilities and priorities belonging to the specified action.

Lines starting with a hash mark (``#'') and empty lines are ignored.

This release of __syslogd__ is able to understand an extended syntax. One rule can be divided into several lines if the leading line is terminated with a backslash (``\'').

!!SELECTORS

The selector field itself again consists of two parts, a ''facility'' and a ''priority'', separated by a period (``.''). Both parts are case insensitive and can also be specified as decimal numbers, but don't do that, you have been warned. Both facilities and priorities are described in syslog(3). The names mentioned below correspond to the similar __LOG___-values in ''/usr/include/syslog.h''.

The ''facility'' is one of the following keywords: __auth__, __authpriv__, __cron__, __daemon__, __ftp__, __kern__, __lpr__, __mail__, __mark__, __news__, __security__ (same as __auth__), __syslog__, __user__, __uucp__ and __local0__ through __local7__. The keyword __security__ should not be used anymore and __mark__ is only for internal use and therefore should not be used in applications. Anyway, you may want to specify and redirect these messages here. The ''facility'' specifies the subsystem that produced the message, i.e. all mail programs log with the mail facility (__LOG_MAIL__) if they log using syslog.

The ''priority'' is one of the following keywords, in ascending order: __debug__, __info__, __notice__, __warning__, __warn__ (same as __warning__), __err__, __error__ (same as __err__), __crit__, __alert__, __emerg__, __panic__ (same as __emerg__). The keywords __error__, __warn__ and __panic__ are deprecated and should not be used anymore. The ''priority'' defines the severity of the message.

The behavior of the original BSD syslogd is that all messages of the specified priority and higher are logged according to the given action. This syslogd(8) behaves the same, but has some extensions.

In addition to the above mentioned names, syslogd(8) understands the following extensions: An asterisk (``*'') stands for all facilities or all priorities, depending on where it is used (before or after the period). The keyword __none__ stands for no priority of the given facility.

You can specify multiple facilities with the same priority pattern in one statement using the comma (``,'') operator. You may specify as many facilities as you want. Remember that only the facility part from such a statement is taken; a priority part would be skipped.

Multiple selectors may be specified for a single ''action'' using the semicolon (``;'') separator. Remember that each selector in the ''selector'' field can overwrite the preceding ones. Using this behavior you can exclude some priorities from the pattern.

This syslogd(8) has a syntax extension to the original BSD source that makes its use more intuitive. You may precede every priority with an equals sign (``='') to specify only this single priority and not any higher ones. You may also (both together are valid, too) precede the priority with an exclamation mark (``!'') to ignore those priorities, either exactly this one or this and any higher priority. If you use both extensions, then the exclamation mark must occur before the equals sign; just use it intuitively.

!!ACTIONS

The action field of a rule describes the abstract term ``logfile''. A ``logfile'' need not be a real file, by the way. syslogd(8) provides the following actions.

__Regular File__

Typically messages are logged to real files. The file has to be specified with its full pathname, beginning with a slash ``/''.

You may prefix each entry with the minus ``-'' sign to omit syncing the file after every logging. Note that you might lose information if the system crashes right after a write attempt. Nevertheless this might give you back some performance, especially if you run programs that use logging in a very verbose manner.

__Named Pipes__

This version of syslogd(8) has support for logging output to named pipes (fifos). A fifo or named pipe can be used as a destination for log messages by prepending a pipe symbol (``|'') to the name of the file. This is handy for debugging. Note that the fifo must be created with the mkfifo(1) command before syslogd(8) is started.

__Terminal and Console__

If the file you specified is a tty, special tty-handling is done; the same applies to ''/dev/console''.

__Remote Machine__

This syslogd(8) provides full remote logging, i.e. it is able to send messages to a remote host running syslogd(8) and to receive messages from remote hosts. The remote host won't forward the messages again; it will just log them locally. To forward messages to another host, prepend the hostname with the at sign (``@'').

Using this feature you're able to control all syslog messages on one host, if all other machines log remotely to it. This reduces administration needs.

__List of Users__

Usually critical messages are also directed to ``root'' on that machine. You can specify a list of users that shall get the message by simply writing the login. You may specify more than one user by separating them with commas (``,''). If they're logged in they get the message. Don't expect mail to be sent; that might be too late.

__Everyone logged on__

Emergency messages often go to all users currently online to notify them that something strange is happening with the system. To specify this wall(1)-feature use an asterisk (``*'').

!!EXAMPLES

Here are some examples, partially taken from a real existing site and configuration. Hopefully they clear up all questions about the configuration; if not, drop me (Joey) a line.

    # Store critical stuff in critical
    #
    *.=crit;kern.none            /var/adm/critical

This will store all messages with the priority __crit__ in the file ''/var/adm/critical'', except for any kernel message.

    # Kernel messages are first, stored in the kernel
    # file, critical messages and higher ones also go
    # to another host and to the console
    #
    kern.*                       /var/adm/kernel
    kern.crit                    @finlandia
    kern.crit                    /dev/console
    kern.info;kern.!err          /var/adm/kernel-info

The first rule directs any message that has the kernel facility to the file ''/var/adm/kernel''.

The second statement directs all kernel messages of the priority __crit__ and higher to the remote host finlandia. This is useful, because if the host crashes and the disks get irreparable errors you might not be able to read the stored messages. If they're on a remote host, too, you can still try to find out the reason for the crash.

The third rule directs these messages to the actual console, so the person who works on the machine will get them, too.

The fourth line tells the syslogd to save all kernel messages that come with priorities from __info__ up to __warning__ in the file ''/var/adm/kernel-info''. Everything from ''err'' and higher is excluded.

    # The tcp wrapper logs with mail.info, we display
    # all the connections on tty12
    #
    mail.=info                   /dev/tty12

This directs all messages that use __mail.info__ (in source __LOG_MAIL__ | __LOG_INFO__) to ''/dev/tty12'', the 12th console. For example, the tcpwrapper tcpd(8) uses this as its default.

    # Store all mail concerning stuff in a file
    #
    mail.*;mail.!=info           /var/adm/mail

This pattern matches all messages that come with the __mail__ facility, except for the __info__ priority. These will be stored in the file ''/var/adm/mail''.

    # Log all mail.info and news.info messages to info
    #
    mail,news.=info              /var/adm/info

This will extract all messages that come either with __mail.info__ or with __news.info__ and store them in the file ''/var/adm/info''.

    # Log info and notice messages to messages file
    #
    *.=info;*.=notice;\
        mail.none                /var/log/messages

This lets the __syslogd__ log all messages that come with either the __info__ or the __notice__ priority into the file ''/var/log/messages'', except for all messages that use the __mail__ facility.

    # Log info messages to messages file
    #
    *.=info;\
        mail,news.none           /var/log/messages

This statement causes the __syslogd__ to log all messages that come with the __info__ priority to the file ''/var/log/messages''. But any message coming either with the __mail__ or the __news__ facility will not be stored.

    # Emergency messages will be displayed using wall
    #
    *.=emerg                     *

This rule tells the __syslogd__ to write all emergency messages to all currently logged in users. This is the wall action.

    # Messages of the priority alert will be directed
    # to the operator
    #
    *.alert                      root,joey

This rule directs all messages with a priority of __alert__ or higher to the terminals of the operator, i.e. of the users ``root'' and ``joey'' if they're logged in.

    *.*                          @finlandia

This rule would redirect all messages to a remote host called finlandia. This is useful especially in a cluster of machines where all syslog messages will be stored on only one machine.

!!CONFIGURATION FILE SYNTAX DIFFERENCES

__Syslogd__ uses a slightly different syntax for its configuration file than the original BSD sources. Originally all messages of a specific priority and above were forwarded to the log file. The modifiers ``='', ``!'' and ``-'' were added to make the __syslogd__ more flexible and to use it in a more intuitive manner.

The original BSD syslogd doesn't understand spaces as separators between the selector and the action field.

!!FILES

''/etc/syslog.conf''

Configuration file for __syslogd__

!!BUGS

The effects of multiple selectors are sometimes not intuitive. For example ``mail.crit,*.err'' will select ``mail'' facility messages at the level of ``err'' or higher, not at the level of ``crit'' or higher.

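As an added example (not part of the manpage and not sysklogd's own code), this Python model evaluates a selector field according to the rules under SELECTORS, so you can check which messages a rule really captures before relying on it for log collection. It assumes that positive selectors add priorities while ``!'' and ``none'' remove them, which reproduces every rule under EXAMPLES and the ``mail.crit,*.err'' case above; the function names are hypothetical.

```python
import re

# Priorities in ascending order and deprecated aliases, as listed under SELECTORS.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = ["auth", "authpriv", "cron", "daemon", "ftp", "kern", "lpr", "mail",
              "mark", "news", "syslog", "user", "uucp"]
FACILITIES += ["local%d" % i for i in range(8)]


def compile_selector(field):
    """Return {facility: set of priorities that the selector field logs}."""
    field = field.replace("\\\n", "").lower()   # join backslash-continued lines
    table = {fac: set() for fac in FACILITIES}
    # One selector is "fac[,fac...].priority"; ';' or ',' ends the priority.
    for facs, pri in re.findall(r"([^.;\s]+)\.([^,;\s]+)", field):
        names = [n for n in facs.split(",") if n]
        if "*" in names:
            targets = FACILITIES
        else:
            targets = ["auth" if n == "security" else n for n in names]
        negate = pri.startswith("!")            # '!' must precede '='
        pri = pri[1:] if negate else pri
        exact = pri.startswith("=")
        pri = pri[1:] if exact else pri
        pri = ALIASES.get(pri, pri)
        if pri == "none":                       # no priority of this facility
            chosen, negate = set(PRIORITIES), True
        elif pri == "*":
            chosen = set(PRIORITIES)
        elif exact:
            chosen = {PRIORITIES[PRIORITIES.index(pri)]}
        else:                                   # this priority and higher
            chosen = set(PRIORITIES[PRIORITIES.index(pri):])
        for fac in targets:                     # unknown names raise KeyError
            table[fac] = table[fac] - chosen if negate else table[fac] | chosen
    return table


def matches(field, facility, priority):
    """True if a facility.priority message is selected by the field."""
    return priority in compile_selector(field)[facility]


# Constructed check using the rule from the BUGS section.
if __name__ == "__main__":
    print(sorted(compile_selector("mail.crit,*.err")["mail"]))
```

Unknown facility or priority names raise an exception instead of being silently ignored, which makes typos in a rule visible.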
!!SEE ALSO

sysklogd(8), klogd(8), logger(1), syslog(2), syslog(3)

!!AUTHORS

The __syslogd__ is taken from BSD sources, Greg Wettstein (greg@wind.enjellic.com) performed the port to Linux, Martin Schulze (joey@linux.de) made some bugfixes and added some new features.
----