syslog.conf - configuration file for syslogd system log daemon

---

SYNOPSIS

DESCRIPTION

The file /etc/syslog.conf contains information used by the system log daemon, syslogd.8 to forward a system message to appropriate log files and/or users. syslog preprocesses this file through m4.1v to obtain the correct information for certain log files.

A configuration entry is composed of two TAB-separated fields:

selector action

The selector field contains a semicolon-separated list of priority specifications of the form:

facility.level[;facility.level]

where facility is a system facility, or comma-separated list of facilities, and level is an indication of the severity of the condition being logged. Recognized values for facility include:

user

Messages generated by user processes. This is the default priority for messages from programs or facilities not listed in this file.

kern

Messages generated by the kernel.

mail

The mail system.

daemon

System daemons, such as ftpd.8c routed.8c etc.

auth

The authorization system: login.1 su.1v getty.8 etc.

lpr

The line printer spooling system: lpr.1 lpc.8 lpd.8 etc.

news

Reserved for the USENET network news system.

uucp

Reserved for the UUCP system; it does not currently use the syslog mechanism.

cron

The cron/at facility; crontab.1 at.1 cron.8 etc.

local0-7

Reserved for local use.

mark

For timestamp messages produced internally by syslogd.

*

An asterisk indicates all facilities except for the mark facility.

Recognized values for level are (in descending order of severity):

emerg

For panic conditions that would normally be broadcast to all users.

alert

For conditions that should be corrected immediately, such as a corrupted system database.

crit

For warnings about critical conditions, such as hard device errors.

err

For other errors.

warning

For warning messages.

notice

For conditions that are not error conditions, but may require special handling.

info

Informational messages.

debug

For messages that are normally used only when debugging a program.

none

Do not send messages from the indicated facility to the selected file. For example, a selector of

*.debug;mail.none

will send all messages except mail messages to the selected file.

The action field indicates where to forward the message. Values for this field can have one of four forms:

• A filename, beginning with a leading slash, which indicates that messages specified by the selector are to be written to the specified file. The file will be opened in append mode.
• The name of a remote host, prefixed with an @, as with: @server, which indicates that messages specified by the selector are to be forwarded to the syslogd on the named host.
• A comma-separated list of usernames, which indicates that messages specified by the selector are to be written to the named users if they are logged in.
• An asterisk, which indicates that messages specified by the selector are to be written to all logged-in users.

Blank lines are ignored. Lines for which the first character is a `#' are treated as comments.

Sun386i DESCRIPTION

The file is as described above, except that there is an additional valid entry type, for translation. A line containing the keyword "translate," if present, specifies how system error messages are translated, suppressed, or forwarded to appropriate log files and/or users.

A translation entry in the file is composed of five TAB-separated fields:

	translate	source	facility	input	output

The translate field consists of the word translate and is used to indicate that this is a translation entry.

The source field contains a comma separated list of source names. Recognized sources are:

klog

Messages placed in /dev/klog by the kernel.

log

Messages placed in /dev/log file by local programs.

syslog

Messages placed in the internet socket by programs on other systems.

*

An asterisk indicates all three sources (klog, log and syslog).

The facility field contains a comma-separated list of facilities.

The input field is the name of the file used to map error messages (in printf format strings) to numbers. This number is used to locate a new string in the file specified in the output field. The format of both files is described in translate.5

The output file specified by the output field translates the numbers from the input file into the desired error messages, and also specifies the format to be used to output each message.

EXAMPLE

	*.notice;mail.info	/var/log/notice
	*.crit	/var/log/critical
	kern,mark.debug	/dev/console
	kern.err	@server
	*.emerg	*
	*.alert	root,operator
	*.alert;auth.warning	/var/log/auth

syslogd will log all mail system messages except debug messages and all notice (or higher) messages into a file named /var/log/notice. It logs all critical messages into /var/log/critical, and all kernel messages and 20-minute marks onto the system console.

Kernel messages of err (error) severity or higher are forwarded to the machine named server. Emergency messages are forwarded to all users. The users ``root'' and ``operator'' are informed of any alert messages. All messages from the authorization system of warning level or higher are logged in the file /var/log/auth.

FILES

/etc/syslog.conf

/var/log/notice

/var/log/critical

/var/log/auth

SEE ALSO

Created by unroff & hp-tools. © somebody (See intro for details). All Rights Reserved. Last modified 11/5/97