syslog.conf(4bsd)

Synopsis

   /etc/syslog.conf

Description

A configuration entry is composed of two TAB-separated fields:

   "selector		action"

The selector field contains a semicolon-separated list of priority specifications of the form:

   facility.level [ ; facility.level ]

where facility is a system facility, or comma-separated list of facilities, and level is an indication of the severity of the condition being logged. Recognized values for facility include:

user

Messages generated by user processes. This is the default priority for messages from programs or facilities not listed in this file.

kern

Messages generated by the kernel.

mail

The mail system.

daemon

System daemons, such as ftpd(1Mtcp), routed(1Mtcp), and so on.

auth

The authorization system: login(1), su(1M), getty(1M), and so on.

lpr

The line printer spooling system: lpr(1bsd), lpc(1Mbsd), and so on.

news

Reserved for the USENET network news system.

uucp

Reserved for the UUCP system; it does not currently use the syslog mechanism.

cron

The cron/at facility; crontab(1), at(1), cron(1M), and so on.

local0-7

Reserved for local use.

mark

For timestamp messages produced internally by syslogd.

*

An asterisk indicates all facilities except for the mark facility.

Recognized values for level are (in descending order of severity):

emerg

For panic conditions that would normally be broadcast to all users.

alert

For conditions that should be corrected immediately, such as a corrupted system database.

crit

For warnings about critical conditions, such as hard device errors.

err

For other errors.

warning

For warning messages.

notice

For conditions that are not error conditions, but may require special handling.

info

Informational messages.

debug

For messages that are normally used only when debugging a program.

none

Do not send messages from the indicated facility to the selected file. For example, a selector of

   *.debug;mail.none

will send all messages except mail messages to the selected file.

The action field indicates where to forward the message. Values for this field can have one of four forms:

A filename, beginning with a leading slash, which indicates that messages specified by the selector are to be written to the specified file. The file will be opened in append mode.

The name of a remote host, prefixed with an @, as with: @server, which indicates that messages specified by the selector are to be forwarded to the syslogd on the named host.

A comma-separated list of usernames, which indicates that messages specified by the selector are to be written to the named users if they are logged in.

An asterisk, which indicates that messages specified by the selector are to be written to all logged-in users.

Blank lines are ignored. Lines for which the first nonwhite character is a `#' are treated as comments.

Example

With the following configuration file:

   *.notice;mail.info     /var/log/notice
   *.crit                 /var/log/critical
   kern,mark.debug        /dev/console
   kern.err               @server
   *.emerg                *
   *.alert                root,operator
   *.alert;auth.warning   /var/log/auth

syslogd will log all mail system messages except debug messages and all notice (or higher) messages into a file named /var/log/notice. It logs all critical messages into /var/log/critical, and all kernel messages and 20-minute marks onto the system console.

Kernel messages of err (error) severity or higher are forwarded to the machine named server. Emergency messages are forwarded to all users. The users \(lqroot\(rq and \(lqoperator\(rq are informed of any alert messages. All messages from the authorization system of warning level or higher are logged in the file /var/log/auth.

Files

/etc/syslog.conf

References