
Files Reference

syslog.conf File

Purpose

The syslog.conf file provides configuration information for the syslogd daemon.

Description

The syslog.conf file tells the syslogd daemon where to send a system message, depending on the message's priority level and the facility that generated it.

The syslogd daemon reads the configuration file when it is activated and when it receives a hangup signal. The syslog.conf file can be changed while the syslogd daemon is running by issuing a refresh command to the syslogd subsystem:

refresh -s syslogd

Format

If you do not use the -f flag with the syslogd daemon, it reads the default /etc/syslog.conf configuration file.

The syslogd daemon ignores blank lines and lines beginning with a # (pound sign). Lines in the configuration file for the syslogd daemon contain a selector field, an action field, and an optional rotation field, separated by one or more tabs.

The selector field names a facility and a priority level. Separate facility names with a , (comma). Separate the facility and priority-level portions of the selector field with a . (period). Separate multiple entries in the same selector field with a ; (semicolon). To select all facilities, use an * (asterisk).

The action field identifies a destination (file, host, or user) to receive the messages. If routed to a remote host, the remote system will handle the message as indicated in its own configuration file. To display messages on a user's terminal, the destination field must contain the name of a valid, logged-in system user.

The rotation field identifies how rotation is used. If the action field is a file, then rotation can be based on size or time, or both. One can also compress and/or archive the rotated files.

Facilities

Use the following system facility names in the selector field:

Table 33. Facility Names

Facility    Description
kern        Kernel
user        User level
mail        Mail subsystem
daemon      System daemons
auth        Security or authorization
syslog      syslogd daemon
lpr         Line-printer subsystem
news        News subsystem
uucp        uucp subsystem
*           All facilities

Priority Levels

Use the following message priority levels in the selector field. Messages of the specified priority level and all levels above it are sent as directed.

Table 34. Priority Levels

Priority Level    Description
emerg             Specifies emergency messages (LOG_EMERG). These messages are not distributed to all users. LOG_EMERG priority messages can be logged into a separate file for reviewing.
alert             Specifies important messages (LOG_ALERT), such as a serious hardware error. These messages are distributed to all users.
crit              Specifies critical messages not classified as errors (LOG_CRIT), such as improper login attempts. LOG_CRIT and higher-priority messages are sent to the system console.
err               Specifies messages that represent error conditions (LOG_ERR), such as an unsuccessful disk write.
warning           Specifies messages for abnormal, but recoverable, conditions (LOG_WARNING).
notice            Specifies important informational messages (LOG_NOTICE). Messages without a priority designation are mapped into this priority message.
info              Specifies informational messages (LOG_INFO). These messages can be discarded, but are useful in analyzing the system.
debug             Specifies debugging messages (LOG_DEBUG). These messages may be discarded.
none              Excludes the selected facility. This priority level is useful only if preceded by an entry with an * (asterisk) in the same selector field.

Destinations

Use the following message destinations in the action field.

Table 35. Message Destinations

Destination            Description
File Name              Full path name of a file opened in append mode
@Host                  Host name, preceded by @ (at sign)
User[, User][...]      User names
*                      All users

Rotation

Use the following rotation keywords in the rotation field.

Table 36. Rotation Keywords

Keyword     Description
rotate      This keyword must be specified after the action field.
size        This keyword specifies that rotation is based on size. It is followed by a number and either k (kilobytes) or m (megabytes).
time        This keyword specifies that rotation is based on time. It is followed by a number and one of h (hour), d (day), w (week), m (month), or y (year).
files       This keyword specifies the total number of rotated files. It is followed by a number. If not specified, the number of rotated files is unlimited.
compress    This keyword specifies that the saved rotated files will be compressed.
archive     This keyword specifies that the saved rotated files will be copied to a directory. It is followed by the directory name.

Examples

  1. To log all mail facility messages at the debug level or above to the file /tmp/mailsyslog, type:
    mail.debug /tmp/mailsyslog
  2. To send all system messages except those from the mail facility to a host named rigil, type:
    *.debug;mail.none @rigil 
  3. To send messages at the emerg priority level from all facilities, and messages at the crit priority level and above from the mail and daemon facilities, to users nick and jam, type:
    *.emerg;mail,daemon.crit nick, jam 
  4. To send all mail facility messages to all users' terminal screens, type:
    mail.debug *
  5. To log all facility messages (at the debug level or above) to the file /tmp/syslog.out, and have the file rotated when it gets larger than 500 kilobytes or if a week passes, limit the number of rotated files to 10, use compression and also use /syslogfiles as the archive directory, type:
    *.debug /tmp/syslog.out rotate size 500k time 1w files 10 compress archive /syslogfiles
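
The selector rules above can be checked mechanically when auditing where messages from a given facility end up. The following Python sketch is an added example, not part of the original documentation or of syslogd itself: it parses tab-separated syslog.conf lines and reports which destinations receive a message of a given facility and priority. The names parse, selects and destinations are hypothetical, the sample configuration is constructed from the examples on this page, and the rule that a later entry in a selector overrides an earlier one for the same facility is an assumption.

```python
import re

# Priority levels from Table 34, most severe first.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample built from the examples on this page (fields tab-separated).
SAMPLE = (
    "# sample syslog.conf\n"
    "mail.debug\t/tmp/mailsyslog\n"
    "*.debug;mail.none\t@rigil\n"
    "*.emerg;mail,daemon.crit\tnick, jam\n"
    "*.debug\t/tmp/syslog.out\trotate size 500k time 1w files 10 compress archive /syslogfiles\n"
)

def parse(conf_text):
    """Return a list of (selector, action, rotation) tuples; rotation may be None."""
    rules = []
    for line in conf_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and comment lines are ignored
        fields = re.split(r"\t+", line.strip())
        if len(fields) < 2:
            raise ValueError("selector and action must be tab-separated: %r" % line)
        rotation = fields[2] if len(fields) > 2 else None
        rules.append((fields[0], fields[1].strip(), rotation))
    return rules

def selects(selector, facility, level):
    """True if the selector field matches a message of this facility and level."""
    matched = False
    for entry in selector.split(";"):
        facs, _, want = entry.strip().rpartition(".")
        names = facs.split(",")
        if "*" not in names and facility not in names:
            continue
        # Assumption: a later entry overrides an earlier one for the same facility.
        # "none" excludes; otherwise match the named level and all levels above it.
        matched = want != "none" and LEVELS.index(level) <= LEVELS.index(want)
    return matched

def destinations(rules, facility, level):
    """List the action fields that a message of this facility and level reaches."""
    return [action for sel, action, _ in rules if selects(sel, facility, level)]

if __name__ == "__main__":
    rules = parse(SAMPLE)
    for fac, lvl in [("auth", "crit"), ("mail", "info"), ("daemon", "emerg")]:
        print(fac, lvl, "->", destinations(rules, fac, lvl))
```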

Files

/etc/syslog.conf Controls the output of syslogd.
/etc/syslog.pid Contains the process ID.

Related Information

The syslog subroutine.
