NAME
syslog.conf —
syslogd(8) configuration file
DESCRIPTION
Thesyslog.conf file is the configuration file for the
syslogd(8) program. It consists of lines with two fields: the
selector field which specifies the types of messages and
priorities to which the line applies, and an action field
which specifies the action to be taken if a message
syslogd receives matches the
selection criteria. The selector field is separated from the
action field by one or more tab characters.
The Selectors function are encoded as a facility, a period (``.''), and a level, with no intervening white-space. Both the facility and the level are case insensitive.
The facility describes the part of the system
generating the message, and is one of the following keywords: auth,
authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, uucp and
local0 through local7. These keywords (with the exception of mark)
correspond to the similar “LOG_”
values specified to the
openlog(3) and
syslog(3) library routines.
The level describes the severity of the message,
and is a keyword from the following ordered list (higher to lower): emerg,
alert, crit, err, warning, notice and debug. These keywords correspond to
the similar (LOG_) values specified to the
syslog library routine.
See syslog(3) for a further descriptions of both the facility and level keywords and their significance.
If a received message matches the specified facility and is of the specified level (or a higher level), the action specified in the action field will be taken.
Multiple selectors may be specified for a single action by separating them with semicolon (``;'') characters. It is important to note, however, that each selector can modify the ones preceding it.
Multiple facilities may be specified for a single level by separating them with comma (``,'') characters.
An asterisk (``*'') can be used to specify all facilities or all levels.
The special facility ``mark'' receives a message at priority ``info'' every 20 minutes (see syslogd(8)). This is not enabled by a facility field containing an asterisk.
The special level ``none'' disables a particular facility.
The action field of each line specifies the action to be taken when the selector field selects a message. There are four forms:
- A pathname (beginning with a leading slash). Selected messages are appended to the file.
- A hostname (preceded by an at (``@'') sign). Selected messages are forwarded to the syslogd program on the named host.
- A comma separated list of users. Selected messages are written to those users if they are logged in.
- An asterisk. Selected messages are written to all logged-in users.
Blank lines and lines whose first non-blank character is a hash (``#'') character are ignored.
EXAMPLES
A configuration file might appear as follows:
# Log all kernel messages, authentication messages of # level notice or higher and anything of level err or # higher to the console. # Don't log private authentication messages! *.err;kern.*;auth.notice;authpriv.none /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* /var/log/maillog # Everybody gets emergency messages, plus log them on another # machine. *.emerg * *.emerg @arpa.berkeley.edu # Root and Eric get alert and higher messages. *.alert root,eric # Save mail and news errors of level err and higher in a # special file. uucp,news.crit /var/log/spoolerr
FILES
- /etc/syslog.conf
- The syslogd(8) configuration file.
BUGS
The effects of multiple selectors are sometimes not intuitive. For example ``mail.crit,*.err'' will select ``mail'' facility messages at the level of ``err'' or higher, not at the level of ``crit'' or higher.