Penguin
Blame: syslog.conf(5)
EditPageHistoryDiffInfoLikePages
Annotated edit history of syslog.conf(5) version 1, including all changes. View license author blame.
Rev Author # Line
1 perry 1 SYSLOG.CONF
2 !!!SYSLOG.CONF
3 NAME
4 DESCRIPTION
5 SELECTORS
6 ACTIONS
7 EXAMPLES
8 CONFIGURATION FILE SYNTAX DIFFERENCES
9 FILES
10 BUGS
11 SEE ALSO
12 AUTHORS
13 ----
14 !!NAME
15
16
17 syslog.conf - syslogd(8) configuration file
18 !!DESCRIPTION
19
20
21 The ''syslog.conf'' file is the main configuration file
22 for the syslogd(8) which logs system messages on *nix
23 systems. This file specifies rules for logging. For special
24 features see the sysklogd(8) manpage.
25
26
27 Every rule consists of two fields, a ''selector'' field
28 and an ''action'' field. These two fields are separated
29 by one or more spaces or tabs. The selector field specifies
30 a pattern of facilities and priorities belonging to the
31 specified action.
32
33
34 Lines starting with a hash mark (``#'') and empty lines are
35 ignored.
36
37
38 This release of __syslogd__ is able to understand an
39 extended syntax. One rule can be divided into several lines
40 if the leading line is terminated with an backslash
41 (``'').
42 !!SELECTORS
43
44
45 The selector field itself again consists of two parts, a
46 ''facility'' and a ''priority'', separated by a period
47 (``.''). Both parts are case insensitive and can also be
48 specified as decimal numbers, but don't do that, you have
49 been warned. Both facilities and priorities are described in
50 syslog(3). The names mentioned below correspond to
51 the similar __LOG___-values in
52 ''/usr/include/syslog.h''.
53
54
55 The ''facility'' is one of the following keywords:
56 __auth__, __authpriv__, __cron__, __daemon__,
57 __ftp__, __kern__, __lpr__, __mail__,
58 __mark__, __news__, __security__ (same as
59 __auth__), __syslog__, __user__, __uucp__ and
60 __local0__ through __local7__. The keyword
61 __security__ should not be used anymore and __mark__
62 is only for internal use and therefore should not be used in
63 applications. Anyway, you may want to specify and redirect
64 these messages here. The ''facility'' specifies the
65 subsystem that produced the message, i.e. all mail programs
66 log with the mail facility (__LOG_MAIL__) if they log
67 using syslog.
68
69
70 The ''priority'' is one of the following keywords, in
71 ascending order: __debug__, __info__, __notice__,
72 __warning__, __warn__ (same as __warning__),
73 __err__, __error__ (same as __err__), __crit__,
74 __alert__, __emerg__, __panic__ (same as
75 __emerg__). The keywords __error__, __warn__ and
76 __panic__ are deprecated and should not be used anymore.
77 The ''priority'' defines the severity of the
78 message
79
80
81 The behavior of the original BSD syslogd is that all
82 messages of the specified priority and higher are logged
83 according to the given action. This syslogd(8)
84 behaves the same, but has some extensions.
85
86
87 In addition to the above mentioned names the
88 syslogd(8) understands the following extensions: An
89 asterisk (``*'') stands for all facilities or all
90 priorities, depending on where it is used (before or after
91 the period). The keyword __none__ stands for no priority
92 of the given facility.
93
94
95 You can specify multiple facilities with the same priority
96 pattern in one statement using the comma (``,'') operator.
97 You may specify as much facilities as you want. Remember
98 that only the facility part from such a statement is taken,
99 a priority part would be skipped.
100
101
102 Multiple selectors may be specified for a single
103 ''action'' using the semicolon (``;'') separator.
104 Remember that each selector in the ''selector'' field is
105 capable to overwrite the preceding ones. Using this behavior
106 you can exclude some priorities from the
107 pattern.
108
109
110 This syslogd(8) has a syntax extension to the
111 original BSD source, that makes its use more intuitively.
112 You may precede every priority with an equation sign (``='')
113 to specify only this single priority and not any of the
114 above. You may also (both is valid, too) precede the
115 priority with an exclamation mark (``!'') to ignore all that
116 priorities, either exact this one or this and any higher
117 priority. If you use both extensions than the exclamation
118 mark must occur before the equation sign, just use it
119 intuitively.
120 !!ACTIONS
121
122
123 The action field of a rule describes the abstract term
124 ``logfile''. A ``logfile'' need not to be a real file, btw.
125 The syslogd(8) provides the following
126 actions.
127
128
129 __Regular File__
130
131
132 Typically messages are logged to real files. The file has to
133 be specified with full pathname, beginning with a slash
134 ``/''.
135
136
137 You may prefix each entry with the minus ``-'' sign to omit
138 syncing the file after every logging. Note that you might
139 lose information if the system crashes right behind a write
140 attempt. Nevertheless this might give you back some
141 performance, especially if you run programs that use logging
142 in a very verbose manner.
143
144
145 __Named Pipes__
146
147
148 This version of syslogd(8) has support for logging
149 output to named pipes (fifos). A fifo or named pipe can be
150 used as a destination for log messages by prepending a pipe
151 symbol (``|'') to the name of the file. This is handy for
152 debugging. Note that the fifo must be created with the
153 mkfifo(1) command before syslogd(8) is
154 started.
155
156
157 __Terminal and Console__
158
159
160 If the file you specified is a tty, special tty-handling is
161 done, same with ''/dev/console''.
162
163
164 __Remote Machine__
165
166
167 This syslogd(8) provides full remote logging, i.e. is
168 able to send messages to a remote host running
169 syslogd(8) and to receive messages from remote hosts.
170 The remote host won't forward the message again, it will
171 just log them locally. To forward messages to another host,
172 prepend the hostname with the at sign (``@'').
173
174
175 Using this feature you're able to control all syslog
176 messages on one host, if all other machines will log
177 remotely to that. This tears down administration
178 needs.
179
180
181 __List of Users__
182
183
184 Usually critical messages are also directed to ``root'' on
185 that machine. You can specify a list of users that shall get
186 the message by simply writing the login. You may specify
187 more than one user by separating them with commas (``,'').
188 If they're logged in they get the message. Don't think a
189 mail would be sent, that might be too late.
190
191
192 __Everyone logged on__
193
194
195 Emergency messages often go to all users currently online to
196 notify them that something strange is happening with the
197 system. To specify this wall(1)-feature use an
198 asterisk (``*'').
199 !!EXAMPLES
200
201
202 Here are some example, partially taken from a real existing
203 site and configuration. Hopefully they rub out all questions
204 to the configuration, if not, drop me (Joey) a
205 line.
206
207
208 # Store critical stuff in critical
209 #
210 *.=crit;kern.none /var/adm/critical
211
212
213 This will store all messages with the priority __crit__
214 in the file ''/var/adm/critical'', except for any kernel
215 message.
216
217
218 # Kernel messages are first, stored in the kernel
219 # file, critical messages and higher ones also go
220 # to another host and to the console
221 #
222 kern.* /var/adm/kernel
223 kern.crit @finlandia
224 kern.crit /dev/console
225 kern.info;kern.!err /var/adm/kernel-info
226
227
228 The first rule direct any message that has the kernel
229 facility to the file ''/var/adm/kernel''.
230
231
232 The second statement directs all kernel messages of the
233 priority __crit__ and higher to the remote host
234 finlandia. This is useful, because if the host crashes and
235 the disks get irreparable errors you might not be able to
236 read the stored messages. If they're on a remote host, too,
237 you still can try to find out the reason for the
238 crash.
239
240
241 The third rule directs these messages to the actual console,
242 so the person who works on the machine will get them,
243 too.
244
245
246 The fourth line tells the syslogd to save all kernel
247 messages that come with priorities from __info__ up to
248 __warning__ in the file ''/var/adm/kernel-info''.
249 Everything from ''err'' and higher is
250 excluded.
251
252
253 # The tcp wrapper loggs with mail.info, we display
254 # all the connections on tty12
255 #
256 mail.=info /dev/tty12
257
258
259 This directs all messages that uses __mail.info__ (in
260 source __LOG_MAIL__ | __LOG_INFO__) to
261 ''/dev/tty12'', the 12th console. For example the
262 tcpwrapper tcpd(8) uses this as it's
263 default.
264
265
266 # Store all mail concerning stuff in a file
267 #
268 mail.*;mail.!=info /var/adm/mail
269
270
271 This pattern matches all messages that come with the
272 __mail__ facility, except for the __info__ priority.
273 These will be stored in the file
274 ''/var/adm/mail''.
275
276
277 # Log all mail.info and news.info messages to info
278 #
279 mail,news.=info /var/adm/info
280
281
282 This will extract all messages that come either with
283 __mail.info__ or with __news.info__ and store them in
284 the file ''/var/adm/info''.
285
286
287 # Log info and notice messages to messages file
288 #
289 *.=info;*.=notice;\
290 mail.none /var/log/messages
291
292
293 This lets the __syslogd__ log all messages that come with
294 either the __info__ or the __notice__ priority into
295 the file ''/var/log/messages'', except for all messages
296 that use the __mail__ facility.
297
298
299 # Log info messages to messages file
300 #
301 *.=info;\
302 mail,news.none /var/log/messages
303
304
305 This statement causes the __syslogd__ to log all messages
306 that come with the __info__ priority to the file
307 ''/var/log/messages''. But any message coming either with
308 the __mail__ or the __news__ facility will not be
309 stored.
310
311
312 # Emergency messages will be displayed using wall
313 #
314 *.=emerg *
315
316
317 This rule tells the __syslogd__ to write all emergency
318 messages to all currently logged in users. This is the wall
319 action.
320
321
322 # Messages of the priority alert will be directed
323 # to the operator
324 #
325 *.alert root,joey
326
327
328 This rule directs all messages with a priority of
329 __alert__ or higher to the terminals of the operator,
330 i.e. of the users ``root'' and ``joey'' if they're logged
331 in.
332
333
334 *.* @finlandia
335
336
337 This rule would redirect all messages to a remote host
338 called finlandia. This is useful especially in a cluster of
339 machines where all syslog messages will be stored on only
340 one machine.
341 !!CONFIGURATION FILE SYNTAX DIFFERENCES
342
343
344 __Syslogd__ uses a slightly different syntax for its
345 configuration file than the original BSD sources. Originally
346 all messages of a specific priority and above were forwarded
347 to the log file. The modifiers ``='', ``!'' and ``-'' were
348 added to make the __syslogd__ more flexible and to use it
349 in a more intuitive manner.
350
351
352 The original BSD syslogd doesn't understand spaces as
353 separators between the selector and the action
354 field.
355 !!FILES
356
357
358 ''/etc/syslog.conf''
359
360
361 Configuration file for __syslogd__
362 !!BUGS
363
364
365 The effects of multiple selectors are sometimes not
366 intuitive. For example ``mail.crit,*.err'' will select
367 ``mail'' facility messages at the level of ``err'' or
368 higher, not at the level of ``crit'' or higher.
369 !!SEE ALSO
370
371
372 sysklogd(8), klogd(8), logger(1),
373 syslog(2), syslog(3)
374 !!AUTHORS
375
376
377 The __syslogd__ is taken from BSD sources, Greg Wettstein
378 (greg@wind.enjellic.com) performed the port to Linux, Martin
379 Schulze (joey@linux.de) made some bugfixes and added some
380 new features.
381 ----
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.