SYSLOG Output Format Configuration Files

Messages generated by the SYSLOG output format can be forwarded to any of three possible destinations: Syslog servers, text files, or users.

The conf parameter of the SYSLOG output format allows users to specify a configuration file resembling the standard "syslog.conf" file that describes the rules used to forward messages to different destinations.
These rules associate values of the facility and severity message fields with specific Syslog servers, text files, or users.

Each line in a configuration file is either a comment beginning with the pound character ("#"), or a configuration entry.
Configuration entries have the following syntax:

<config_entry> ::= <selector> <action>
<selector> ::= <facilities>.<severity>
<facilities> ::= <facility>[,<facility> ... ]
<facility> ::= kern | user | mail | daemon | auth | mark | lpr | news | uucp | cron | auth2 | ftp | ntp | logaudit | logalert | clock | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | *
<severity> ::= emerg | alert | crit | err | warning | notice | info | debug
<action> ::= <send_server> |
             <send_file> |
             <send_user>
<send_server> ::= @<server_name>[:<port>]
<send_file> ::= <filepath> |
                STDOUT
<send_user> ::= <user_name>

A configuration entry is composed of a selector and an action, separated by spaces or tab characters.
A selector is a comma-separated list of facility names, followed by a dot (".") and a severity name. The special "*" wildcard means "all facilities".
Messages whose facility is included in the selector's set of facilities and whose severity is greater than or equal to the selector's severity are forwarded to the destination specified in the action.

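An action can specify any of the following destinations: a Syslog server (an "@" character followed by the server name and an optional port), a text file path or the special STDOUT name, or a user name.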


The following example shows a SYSLOG output format configuration file:

#
# Sample SYSLOG output format configuration file
#
auth.err               @MYSERVER01
*.debug                STDOUT
*.info                 C:\MyLogs\Infos.txt
kern.emerg             MYUSER
local0,local1.emerg    @192.168.1.100:515

This configuration file defines the following rules:

Messages matching more than one rule are forwarded to all the specified destinations. For example, with the above configuration file, messages having a severity greater than or equal to "debug" are both displayed in the console output and written to the "C:\MyLogs\Infos.txt" text file.
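
The grammar and the selector matching rule described above, applied to the sample file from this page. This is an added Python example, not part of the original documentation and not Log Parser's own code; the function names, the handling of blank lines, and the way a file path is told apart from a user name are assumptions.

```python
import re

# Severity names from the grammar, most severe first (standard syslog order).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = set(("kern user mail daemon auth mark lpr news uucp cron auth2 ftp ntp logaudit "
                  "logalert clock local0 local1 local2 local3 local4 local5 local6 local7 *").split())

# The sample configuration file from this page, embedded so the example runs offline.
SAMPLE_CONF = r"""#
# Sample SYSLOG output format configuration file
#
auth.err               @MYSERVER01
*.debug                STDOUT
*.info                 C:\MyLogs\Infos.txt
kern.emerg             MYUSER
local0,local1.emerg    @192.168.1.100:515
"""

def classify_action(action):
    """Return (kind, target, port) for an <action> string."""
    m = re.fullmatch(r"@([^:\s]+)(?::(\d+))?", action)
    if m:
        return ("server", m.group(1), int(m.group(2)) if m.group(2) else None)
    if action == "STDOUT":
        return ("stdout", action, None)
    # Assumption (not stated on the page): a path separator means file, else user name.
    kind = "file" if ("\\" in action or "/" in action) else "user"
    return (kind, action, None)

def parse_conf(text):
    """Parse configuration text into (facilities, severity, action) rules."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # comment; blank lines are skipped too (assumption)
        parts = line.split(None, 1)  # selector and action, separated by spaces or tabs
        facilities, dot, severity = parts[0].rpartition(".")
        names = set(facilities.split(","))
        if len(parts) != 2 or not dot or severity not in SEVERITIES or not names <= FACILITIES:
            raise ValueError(f"line {lineno}: invalid entry {line!r}")
        rules.append((names, severity, parts[1].strip()))
    return rules

def route(rules, facility, severity):
    """Return the actions of every rule matching a message, in file order."""
    rank = SEVERITIES.index(severity)
    return [action for names, sev, action in rules
            if (facility in names or "*" in names) and rank <= SEVERITIES.index(sev)]
```

Rejecting entries with an unknown facility or severity at load time, as `parse_conf` does, surfaces a typo in a selector that would otherwise leave messages unforwarded.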

Actions can also be specified in the into-entity of the query.
These actions are processed as rules having a selector that matches all messages, with a "*" facility value and an "emerg" severity value.


© 2004 Microsoft Corporation. All rights reserved.