syslog.conf
NAME
syslog.conf – syslogd configuration file
DESCRIPTION
The syslog.conf file is the configuration file for the syslogd daemon (see syslogd ). It consists of lines with two fields separated by tabs or spaces:
- selector
- action
The selector field is encoded as a facility, a period (“.”), and a level , with no intervening white-space. Both the facility and the level are case insensitive.
The facility describes the part of the system generating the message, and is one of the following keywords: auth, cron, daemon, kern and local7. Here’s a short description of each facility keyword:
- kern
- Messages generated by the filer kernel.
- daemon
- System daemons, such as the rshd daemon (see rshd ), the routing daemon (see routed ), the SNMP daemon (see snmpd ), etc.
- auth
- The authentication system, e.g. messages logged for Telnet sessions.
- cron
- The system’s internal cron facility.
- local7
- The system’s audit logging facility. All messages coming from the audit logging facility are logged at level debug.
Here is a short description of each level keyword:
- emerg
- A panic condition that results in the disruption of normal service.
- alert
- A condition that should be corrected immediately, such as a failed disk.
- crit
- Critical conditions, such as hard disk errors.
- err
- Errors, such as those resulting from a bad configuration file.
- warning
- Warning messages.
- notice
- Conditions that are not error conditions, but that may require special handling.
- info
- Informational messages, such as the hourly uptime message (see uptime ).
- debug
- Debug messages used for diagnostic purposes. These messages are supressed by default.
Multiple selectors may be specified for a single action by separating them with semicolon (“;”) characters. It is important to note, however, that each selector can modify the ones preceding it.
Multiple facilities may be specified for a single level by separating them with comma (“, ”) characters.
An asterisk (“*”) can be used to specify all facilities (except local7) or all levels .
The special level none disables a particular facility .
The action field of each line specifies the action to be taken when the selector field selects a message. There are four forms:
- A pathname (beginning with a leading slash).
- Selected messages are appended to the specified file.
- A hostname (preceded by an at (“@”) sign).
- Selected messages are forwarded to the syslogd daemon on the named host.
- /dev/console. Selected messages are written to the
- console.
- An asterisk. Selected messages are written to the
- console.
It is recommended that all /etc/syslog.conf files include the line
*.info /etc/messages
EXAMPLES
A configuration file might appear as follows:
# Log all kernel messages, and anything of level err or # higher to the console. *.err;kern.* /dev/console # Log anything of level info or higher to /etc/messages. *.info /etc/messages # Also log the messages that go to the console to a remote # loghost system called adminhost. *.err;kern.* @adminhost # Also log the messages that go to the console to the local7 # facility of another remote loghost system called adminhost2 # at level info. *.err;kern.* local7.info@adminhost2 # The /etc/secure.message file has restricted access. auth.notice /etc/secure.message
FILES
- /etc/syslog.conf
- The syslogd configuration file. /etc/syslog.conf.sample Sample syslogd configuration file.
BUGS
The effects of multiple selectors are sometimes not intuitive. For example “daemon.crit, *.err” will select “daemon” facility messages at the level of “err” or higher, not at the level of “crit” or higher.SEE ALSO
syslogd , messages
Copyright © 1994-2008 NetApp, Inc. Legal Information
