The syslog.conf(5) file specifies which system log messages will be stored and where they will be stored.
Each line of the syslog.conf file contains either a comment or a specification. A comment is a line whose first printing character is the pound symbol (#). A specification has two parts: the selector, which identifies the messages affected by this line, and the action, which says what to do when those messages appear. The selector and the action are separated by one or more tab characters.
The selector specifies which messages are affected, based on the facility that sent the message and the severity or level of the message.
The following table describes the facilities:
Facility | Description |
---|---|
auth | The user authorization system, such as login(1). |
authpriv | The authorization system (auth). The log file can be read only by privileged users. |
cron | The cron(1) scheduling daemon. |
daemon | System daemons not explicitly provided for by other facilities. |
ftp | The file transfer protocol (FTP) and associated utilities. |
lpr | The line-printer spooling system. |
mail | The mail system. |
mark | A special facility that receives a priority-information message from syslogd every 20 minutes. For more information, see syslogd(1). |
news | The network news system. |
syslog | The syslogd daemon. |
user | Messages generated by other user processes. This is the default if no other facility is specified. |
uucp | The UNIX-to-UNIX Copy (UUCP) message transport system. |
local0—local7 | These eight facilities are reserved for local use. |
The following table lists the levels and severity of messages, in order of decreasing seriousness:
Level | Description |
---|---|
emerg | A panic condition. |
alert | A serious condition that should be corrected immediately, such as a corrupted database. |
crit | Critical problems, such as device errors. |
err | System errors. |
warning | Warnings. |
notice | Conditions that should be handled specially, but which are not errors. |
info | Informational messages. |
debug | Messages that are normally useful only when debugging a program. |
The action field specifies the action syslogd should take when a particular facility has a message of a specific level. The following table describes the four possible actions:
Contents of the action field | Description |
---|---|
A file name | Messages are stored in this file. File names that begin with /dev refer to a particular device. The /dev/console device does not exist in Interix. Also, the file must already exist; syslogd will not create files. |
A host name | Messages are sent to syslogd using the computer host name. The host name refers to a computer on the network, and it is preceded by an at (@) sign. For example, to send messages to syslogd on the host aztec, use the host name @aztec. |
A comma-separated list of users | Messages are written to a list of users if they are logged on. User names are case-sensitive and must include the domain. |
An asterisk (*) | Messages are written to all users. |
The following lines are from a sample syslog.conf file. An asterisk (*) specifies all facilities except mark:
```
mail.*	/var/adm/log/mail
*.info	@carlo
*.info	/var/log/messages
*.emerg	*
```
The first line logs all mail messages in the file /var/adm/log/mail. The second sends all messages of level info and higher to the computer named carlo. The third sends those same messages to the file /var/log/messages. As this shows, the same selector can be specified more than once. The fourth line sends all messages of level emerg to all users.
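The rules above can be checked mechanically before a configuration is deployed, since a line with spaces instead of tabs or a file action pointing at a missing file means messages are not stored. The following is an added example, not part of the original page or of syslogd: a small linter and matcher whose function names (`parse`, `lint`, `route`) are hypothetical. It assumes each selector is a single `facility.level` pair and that `*` in the level position means all levels, as the `mail.*` sample line implies.

```python
import os

FACILITIES = {"auth", "authpriv", "cron", "daemon", "ftp", "lpr", "mail", "mark",
              "news", "syslog", "user", "uucp", *(f"local{i}" for i in range(8))}
# Levels, most serious first, in the order of the page's level table.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse(text):
    """Yield (lineno, facility, level, action, problem) per specification line."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        selector, tabs, action = line.partition("\t")
        facility, _, level = selector.strip().partition(".")
        problem = None
        if not tabs:
            problem = "selector and action not separated by a tab"
        elif facility != "*" and facility not in FACILITIES:
            problem = f"unknown facility {facility!r}"
        elif level != "*" and level not in LEVELS:
            problem = f"unknown level {level!r}"
        yield n, facility, level, action.strip(), problem

def lint(text, exists=os.path.exists):
    """Return [(lineno, problem)], including file actions whose file is missing."""
    problems = []
    for n, _, _, action, problem in parse(text):
        if problem is None and action.startswith("/") and not exists(action):
            problem = f"{action} does not exist; syslogd will not create it"
        if problem:
            problems.append((n, problem))
    return problems

def route(text, facility, level):
    """Return the actions of every valid line that selects this message."""
    hits = []
    for _, fac, lvl, action, problem in parse(text):
        if problem:
            continue
        fac_ok = fac == facility or (fac == "*" and facility != "mark")
        lvl_ok = lvl == "*" or LEVELS.index(level) <= LEVELS.index(lvl)
        if fac_ok and lvl_ok:
            hits.append(action)
    return hits

# The page's four sample lines plus one constructed bad line (space, not tab).
SAMPLE = ("mail.*\t/var/adm/log/mail\n*.info\t@carlo\n*.info\t/var/log/messages\n"
          "*.emerg\t*\nauth.notice /var/log/auth\n")
```

Calling `lint(SAMPLE)` on a real system reports the space-separated line and any file action whose target has not been created yet; `route(SAMPLE, "cron", "err")` lists where such a message would go.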