[ Previous | Next | Table of Contents | Index | Library Home |
Legal |
Search ]
Commands Reference, Volume 5
Logs system messages.
syslogd [ -d ] [
-s ] [ -f ConfigurationFile ]
[ -m MarkInterval ]
[ -r]
The syslogd daemon
reads a datagram socket and sends each message line to a destination described
by the /etc/syslog.conf configuration
file. The syslogd daemon reads the configuration file
when it is activated and when it receives a hangup signal.
The syslogd daemon
creates the /etc/syslog.pid file, which contains a single
line with the command process ID used to end or reconfigure the
syslogd daemon.
A terminate signal sent to the
syslogd daemon ends the daemon. The syslogd
daemon logs the end-signal information and terminates immediately.
Each message is one line. A
message can contain a priority code, marked by a digit enclosed in < >
(angle braces) at the beginning of the line. Messages longer than 900
bytes may be truncated.
The
/usr/include/sys/syslog.h include file defines the facility
and priority codes used by the configuration file. Locally written
applications use the definitions contained in the syslog.h
file to log messages via the syslogd daemon.
| -d
| Turns on debugging.
|
| -f
ConfigurationFile
| Specifies an alternate configuration file.
|
| -m MarkInterval
| Specifies the number of minutes between the mark command
messages. If you do not use this flag, the mark command
sends a message with LOG_INFO priority sent every 20
minutes. This facility is not enabled by a selector field
containing an * (asterisk), which selects all other
facilities.
|
| -s
| Specifies to forward a "shortened" message to another system (if it is
configured to do so) for all the forwarding syslog messages generated on the
local system.
|
| -r
| Suppresses logging of messages received from remote hosts.
|
The configuration file informs the
syslogd daemon where to send a system message, depending on the
message's priority level and the facility that generated it.
If you do not use the
-f flag, the syslogd daemon reads the default
configuration file, the /etc/syslog.conf file.
The syslogd daemon
ignores blank lines and lines beginning with a # (pound sign).
Lines in the configuration file
for the syslogd daemon contain a selector field, an
action field, and an optional rotation field, separated
by one or more tabs.
The selector field
names a facility and a priority level. Separate facility names with a
, (comma). Separate the facility and priority-level portions of the
selector field with a . (period). Separate multiple
entries in the same selector field with a ; (semicolon). To select
all facilities, use an * (asterisk).
The action field
identifies a destination (file, host, or user) to
receive the messages. If routed to a remote host, the remote system
will handle the message as indicated in its own configuration file. To
display messages on a user's terminal, the destination field
must contain the name of a valid, logged-in system user.
The rotation field identifies how rotation is used. If
the action field is a file, then rotation can be based on size or
time, or both. One can also compress and/or archive the rotated
files.
Use the following system facility
names in the selector field:
| Facility
| Description
|
| kern
| Kernel
|
| user
| User level
|
| mail
| Mail subsystem
|
| daemon
| System daemons
|
| auth
| Security or authorization
|
| syslog
| syslogd daemon
|
| lpr
| Line-printer subsystem
|
| news
| News subsystem
|
| uucp
| uucp subsystem
|
| *
| All facilities
|
Use the following message priority
levels in the selector field. Messages of the specified
priority level and all levels above it are sent as directed.
| Priority Level
| Description
|
| emerg
| Specifies emergency messages (LOG_EMERG). These
messages are not distributed to all users. LOG_EMERG
priority messages can be logged into a separate file for reviewing.
|
| alert
| Specifies important messages (LOG_ALERT), such as a serious
hardware error. These messages are distributed to all users.
|
| crit
| Specifies critical messages not classified as errors
(LOG_CRIT), such as improper login attempts.
LOG_CRIT and higher-priority messages are sent to the system
console.
|
| err
| Specifies messages that represent error conditions (LOG_ERR),
such as an unsuccessful disk write.
|
| warning
| Specifies messages for abnormal, but recoverable, conditions
(LOG_WARNING).
|
| notice
| Specifies important informational messages
(LOG_NOTICE). Messages without a priority designation are
mapped into this priority message.
|
| info
| Specifies informational messages (LOG_INFO). These
messages can be discarded, but are useful in analyzing the system.
|
| debug
| Specifies debugging messages (LOG_DEBUG). These
messages may be discarded.
|
| none
| Excludes the selected facility. This priority level is useful only
if preceded by an entry with an * (asterisk) in the same
selector field.
|
Use the following message
destinations in the action field.
| Destination
| Description
|
| File Name
| Full path name of a file opened in append mode
|
| @Host
| Host name, preceded by @ (at sign)
|
| User[,
User][...]
| User names
|
| *
| All users
|
Use the following rotation
keywords in the rotation field.
| Keyword
| Description
|
| rotate
| This keyword must be specified after the action field.
|
| size
| This keyword specifies that rotation is based on size. It is
followed by a number and either a k (kilobytes) or
m(megabytes).
|
| time
| This keyword specifies that rotation is based on time. It is
followed by a number and either a h(hour) or d(day) or
w(week) or m(month) or y(year).
|
| files
| This keyword specifies the total number of rotated files. It is
followed by a number. If not specified, then there are unlimited number
of rotated files.
|
| compress
| This keyword specifies that the saved rotated files will be
compressed.
|
| archive
| This keyword specifies that the saved rotated files will be copied to a
directory. It is followed by the directory name.
|
- To log all mail facility
messages at the debug level or above to the file /tmp/mailsyslog,
type:
mail.debug /tmp/mailsyslog
- To send all system
messages except those from the mail facility to a host named rigil,
type:
*.debug;mail.none @rigil
- To send messages at the
emerg priority level from all facilities, and messages at the
crit priority level and above from the mail and daemon facilities,
to users nick and jam, typer:
*.emerg;mail,daemon.crit nick, jam
- To send all mail
facility messages to all users' terminal screens, type:
mail.debug *
- To log all facility messages at
the debug level or above to the file /tmp/syslog.out, and
have the file rotated when it gets larger then 500 kilobytes or if a week
passes, limit the number of rotated files to 10, use compression and also use
/syslogfiles as the archive directory, type:
*.debug /tmp/syslog.out rotate size 500k time 1w files 10 compress archive /syslogfiles
| /etc/syslog.conf
| Controls the output of syslogd.
|
| /etc/syslog.pid
| Contains the process ID.
|
The syslog subroutine.
[ Previous | Next | Table of Contents | Index |
Library Home |
Legal |
Search ]