[ Bottom of Page | Previous Page | Next Page | Contents | Index | Library Home |
Legal |
Search ]
Commands Reference, Volume 5
syslogd Daemon
Purpose
Logs system messages.
Syntax
syslogd [ -d ] [ -s ] [ -f ConfigurationFile ] [ -m MarkInterval ] [ -r] [ -n ] [ -p LogName ]
Description
The syslogd daemon reads a datagram
socket and sends each message line to a destination described by the /etc/syslog.conf configuration file. The syslogd daemon reads the configuration file when it is activated
and when it receives a hangup signal.
The syslogd daemon creates the /etc/syslog.pid file, which contains a single line with
the command process ID used to end or reconfigure the syslogd daemon.
A terminate signal sent to the syslogd daemon ends the daemon. The syslogd daemon logs
the end-signal information and terminates immediately.
Each message is one line. A message can contain a
priority code, marked by a digit enclosed in < > (angle braces) at
the beginning of the line. Messages longer than 900 bytes may be truncated.
The /usr/include/sys/syslog.h include
file defines the facility and priority codes used by the configuration file.
Locally written applications use the definitions contained in the syslog.h file to log messages via the syslogd daemon.
Flags
|
-d |
Turns on debugging. |
|
-f ConfigurationFile |
Specifies an alternate configuration file. |
|
-m MarkInterval |
Specifies the number of minutes between the mark command messages. If you do not use this flag, the mark command sends a message with LOG_INFO priority
sent every 20 minutes. This facility is not enabled by a selector field containing an * (asterisk), which
selects all other facilities. |
|
-s |
Specifies to forward a "shortened" message to another system (if
it is configured to do so) for all the forwarding syslog messages generated
on the local system. |
|
-r |
Suppresses logging of messages received from remote hosts. |
|
-n |
Supresses the "Message forwarded from <log_host_name>: " string
added to the beginning of the syslog message that is
forwarded to a remote log host. |
|
-p |
Specifies an alternate path name for the UNIX datagram socket. |
Configuration File
The configuration file informs the syslogd daemon where to send a system message, depending on the message's
priority level and the facility that generated it.
If you do not use the -f flag,
the syslogd daemon reads the default configuration file,
the /etc/syslog.conf file.
The syslogd daemon ignores blank
lines and lines beginning with a # (pound sign).
Format
Lines in the configuration file for the syslogd daemon contain a selector field,
an action field, and an optional rotation field, separated by one or more tabs.
The selector field names
a facility and a priority level. Separate facility names with a , (comma). Separate the
facility and priority-level portions of the selector field with a . (period). Separate multiple entries in the same selector
field with a ; (semicolon). To select all facilities, use an * (asterisk).
The action field identifies
a destination (file, host, or user) to receive
the messages. If routed to a remote host, the remote system will handle the
message as indicated in its own configuration file. To display messages on
a user's terminal, the destination field must
contain the name of a valid, logged-in system user.
The rotation field identifies how rotation
is used. If the action field is a file, then
rotation can be based on size or time, or both. One can also compress and/or
archive the rotated files.
Facilities
Use the following system facility names in the selector field:
| Facility |
Description |
|
kern |
Kernel |
|
user |
User level |
|
mail |
Mail subsystem |
|
daemon |
System daemons |
|
auth |
Security or authorization |
|
syslog |
syslogd daemon |
|
lpr |
Line-printer subsystem |
|
news |
News subsystem |
|
uucp |
uucp subsystem |
|
* |
All facilities |
Priority Levels
Use the following message priority levels in the selector field. Messages of the specified priority
level and all levels above it are sent as directed.
| Priority Level |
Description |
|
emerg |
Specifies emergency messages (LOG_EMERG). These
messages are not distributed to all users. LOG_EMERG priority
messages can be logged into a separate file for reviewing. |
|
alert |
Specifies important messages (LOG_ALERT), such
as a serious hardware error. These messages are distributed to all users. |
|
crit |
Specifies critical messages not classified as errors (LOG_CRIT), such as improper login attempts. LOG_CRIT and higher-priority messages are sent to the system console. |
|
err |
Specifies messages that represent error conditions (LOG_ERR), such as an unsuccessful disk write. |
|
warning |
Specifies messages for abnormal, but recoverable, conditions (LOG_WARNING). |
|
notice |
Specifies important informational messages (LOG_NOTICE). Messages without a priority designation are mapped into this priority
message. |
|
info |
Specifies informational messages (LOG_INFO).
These messages can be discarded, but are useful in analyzing the system. |
|
debug |
Specifies debugging messages (LOG_DEBUG). These
messages may be discarded. |
|
none |
Excludes the selected facility. This priority level is useful only
if preceded by an entry with an * (asterisk) in the
same selector field. |
Destinations
Use the following message destinations in the action field.
| Destination |
Description |
|
File Name |
Full path name of a file opened in append mode |
|
@Host |
Host name, preceded by @ (at sign) |
|
User[, User][...] |
User names |
|
* |
All users |
Rotation
Use the following rotation keywords in the rotation field.
| Keyword |
Description |
|
rotate |
This keyword must be specified after the action field. |
|
size |
This keyword specifies that rotation is based on size. It is followed
by a number and either a k (kilobytes) or m(megabytes). |
|
time |
This keyword specifies that rotation is based on time. It is followed
by a number and either a h(hour) or d(day) or w(week) or m(month)
or y(year). |
|
files |
This keyword specifies the total number of rotated files. It is followed
by a number. If not specified, then there are unlimited number of rotated
files. |
|
compress |
This keyword specifies that the saved rotated files will be compressed. |
|
archive |
This keyword specifies that the saved rotated files will be copied
to a directory. It is followed by the directory name. |
Examples
- To log all mail facility messages at the
debug level or above to the file /tmp/mailsyslog, type:
mail.debug /tmp/mailsyslog
- To send all system messages except those
from the mail facility to a host named rigil,
type:
*.debug;mail.none @rigil
- To send messages at the emerg priority level from all facilities, and messages at the crit priority level and above from the mail and daemon facilities, to
users nick and jam,
typer:
*.emerg;mail,daemon.crit nick, jam
- To send all mail facility messages to all
users' terminal screens, type:
mail.debug *
- To log all facility messages at the debug level
or above to the file /tmp/syslog.out, and have the
file rotated when it gets larger then 500 kilobytes or if a week passes,
limit the number of rotated files to 10, use compression and also use /syslogfiles as the archive directory, type:
*.debug /tmp/syslog.out rotate size 500k time 1w files 10 compress archive /syslogfiles
Files
|
/etc/syslog.conf |
Controls the output of syslogd. |
|
/etc/syslog.pid |
Contains the process ID. |
Related Information
The syslog subroutine.
[ Top of Page | Previous Page | Next Page | Contents | Index | Library Home |
Legal |
Search ]