The syslog.conf file provides configuration information for the syslogd daemon.
Informs the syslogd daemon where to send a system message, depending on the message's priority level and the facility that generated it.
The syslogd daemon reads the configuration file when it is activated and when it receives a hang up. The syslog.conf file can be changed while the syslogd daemon is running by issuing a refresh command to the syslogd subsystem:
refresh -s syslogd
If you do not use the -f flag with the syslogd daemon, it reads the default /etc/syslog.conf configuration file.
The syslogd daemon ignores blank lines and lines beginning with a # (pound sign). Lines in the configuration file for the syslogd daemon contain a selector field, an action field, and an optional rotation field, separated by one or more tabs.
The selector field names a facility and a priority level. Separate facility names with a , (comma). Separate the facility and priority-level portions of the selector field with a . (period). Separate multiple entries in the same selector field with a ; (semicolon). To select all facilities, use an * (asterisk).
The action field identifies a destination (file, host, or user) to receive the messages. If routed to a remote host, the remote system will handle the message as indicated in its own configuration file. To display messages on a user's terminal, the destination field must contain the name of a valid, logged-in system user.
The rotation field identifies how rotation is used. If the action field is a file, then rotation can be based on size or time, or both. One can also compress and/or archive the rotated files.
Use the following system facility names in the selector field:
Facility | Description |
---|---|
kern | Kernel |
user | User level |
Mail subsystem | |
daemon | System daemons |
auth | Security or authorization |
syslog | syslogd daemon |
lpr | Line-printer subsystem |
news | News subsystem |
uucp | uucp subsystem |
* | All facilities |
Use the following message priority levels in the selector field. Messages of the specified priority level and all levels above it are sent as directed.
Priority Level | Description |
---|---|
emerg | Specifies emergency messages (LOG_EMERG). These messages are not distributed to all users. LOG_EMERG priority messages can be logged into a separate file for reviewing. |
alert | Specifies important messages (LOG_ALERT), such as a serious hardware error. These messages are distributed to all users. |
crit | Specifies critical messages not classified as errors (LOG_CRIT), such as improper login attempts. LOG_CRIT and higher-priority messages are sent to the system console. |
err | Specifies messages that represent error conditions (LOG_ERR), such as an unsuccessful disk write. |
warning | Specifies messages for abnormal, but recoverable, conditions (LOG_WARNING). |
notice | Specifies important informational messages (LOG_NOTICE). Messages without a priority designation are mapped into this priority message. |
info | Specifies informational messages (LOG_INFO). These messages can be discarded, but are useful in analyzing the system. |
debug | Specifies debugging messages (LOG_DEBUG). These messages may be discarded. |
none | Excludes the selected facility. This priority level is useful only if preceded by an entry with an * (asterisk) in the same selector field. |
Use the following message destinations in the action field.
Destination | Description |
---|---|
File Name | Full path name of a file opened in append mode |
@Host | Host name, preceded by @ (at sign) |
User[, User][...] | User names |
* | All users |
Use the following rotation keywords in the rotation field.
Keyword | Description |
---|---|
rotate | This keyword must be specified after the action field. |
size | This keyword specifies that rotation is based on size. It is followed by a number and either a k (kilobytes) or m (megabytes). |
time | This keyword specifies that rotation is based on time. It is followed by a number and either a h (hour) or d (day) or w (week) or m (month) or y (year). |
files | This keyword specifies the total number of rotated files. It is followed by a number. If not specified, then there are unlimited number of rotated files. |
compress | This keyword specifies that the saved rotated files will be compressed. |
archive | This keyword specifies that the saved rotated files will be copied to a directory. It is followed by the directory name. |
mail.debug /tmp/mailsyslog
*.debug;mail.none @rigil
*.emerg;mail,daemon.crit nick, jam
mail.debug *
*.debug /tmp/syslog.out rotate size 500k time 1w files 10 compress archive /syslogfiles
/etc/syslog.conf | Controls the output of syslogd. |
/etc/syslog.pid | Contains the process ID. |
The syslog subroutine.