syslog.conf(4)
NAME
syslog.conf - configuration file for syslogd system log dae-
mon
SYNOPSIS
/etc/syslog.conf
DESCRIPTION
The file /etc/syslog.conf contains information used by the
system log daemon, syslogd(1M), to forward a system message
to appropriate log files and/or users. syslogd preprocesses
this file through m4(1) to obtain the correct information
for certain log files, defining LOGHOST if the address of
"loghost" is the same as one of the addresses of the host
that is running syslogd.
A configuration entry is composed of two TAB-separated
fields:
selector action
The selector field contains a semicolon-separated list of
priority specifications of the form:
facility.level [ ; facility.level ]
where facility is a system facility, or comma-separated list
of facilities, and level is an indication of the severity of
the condition being logged. Recognized values for facility
include:
user Messages generated by user processes. This is the
default priority for messages from programs or facili-
ties not listed in this file.
kern Messages generated by the kernel.
mail The mail system.
daemon
System daemons, such as in.ftpd(1M)
auth The authorization system: login(1), su(1M), getty(1M),
among others.
lpr The line printer spooling system: lpr(1B), lpc(1B),
among others.
news Reserved for the USENET network news system.
uucp Reserved for the UUCP system; it does not currently
use the syslog mechanism.
cron Reserved for cron/at messages generated by systems
that do logging through syslog. The current version of
the Solaris Operating Environment does not use this
facility for logging.
local0-7
Reserved for local use.
mark For timestamp messages produced internally by syslogd.
* An asterisk indicates all facilities except for the
mark facility.
Recognized values for level are (in descending order of
severity):
emerg For panic conditions that would normally be broadcast
to all users.
alert For conditions that should be corrected immediately,
such as a corrupted system database.
crit For warnings about critical conditions, such as hard
device errors.
err For other errors.
warning
For warning messages.
notice
For conditions that are not error conditions, but may
require special handling. A configuration entry with a
level value of notice must appear on a separate line.
info Informational messages.
debug For messages that are normally used only when debug-
ging a program.
none Do not send messages from the indicated facility to
the selected file. For example, a selector of
*.debug;mail.none
will send all messages except mail messages to the
selected file.
Note that for a given facility and level, syslogd matches
all messages for that level and all higher levels. For exam-
ple, an entry that specifies a level of crit also logs mes-
sages at the alert and emerg levels.
The action field indicates where to forward the message.
Values for this field can have one of four forms:
o A filename, beginning with a leading slash, which
indicates that messages specified by the selector are
to be written to the specified file. The file will be
opened in append mode if it exists. If the file does
not exist, logging will silently fail for this action.
o The name of a remote host, prefixed with an @, as
with: @server, which indicates that messages specified
by the selector are to be forwarded to the syslogd on
the named host. The hostname "loghost" is treated, in
the default syslog.conf, as the hostname given to the
machine that logs syslogd messages. Every machine
is "loghost" by default, per the hosts database. It
is also possible to specify one machine on a network
to be "loghost" by making the appropriate host table
entries. If the local machine is designated to be
"loghost", then syslogd messages are written to the
appropriate files. Otherwise, they are sent to the
machine "loghost" on the network.
o A comma-separated list of usernames, which indicates
that messages specified by the selector are to be
written to the named users if they are logged in.
o An asterisk, which indicates that messages specified
by the selector are to be written to all logged-in
users.
Blank lines are ignored. Lines for which the first nonwhite
character is a '#' are treated as comments.
EXAMPLES
Example 1: A Sample Configuration File
With the following configuration file:
*.notice /var/log/notice
mail.info /var/log/notice
*.crit /var/log/critical
kern,mark.debug /dev/console
kern.err @server
*.emerg *
*.alert root,operator
*.alert;auth.warning /var/log/auth
syslogd(1M) will log all mail system messages except debug
messages and all notice (or higher) messages into a file
named /var/log/notice. It logs all critical messages into
/var/log/critical, and all kernel messages and 20-minute
marks onto the system console.
Kernel messages of err (error) severity or higher are for-
warded to the machine named server. Emergency messages are
forwarded to all users. The users root and operator are
informed of any alert messages. All messages from the
authorization system of warning level or higher are logged
in the file /var/log/auth.
FILES
/var/log/notice
log of all mail system messages (except debug mes-
sages) and all messages of notice level or higher
/var/log/critical
log of all critical messages
/var/log/auth
log of all messages from the authorization system of
warning level or higher
SEE ALSO
at(1), crontab(1), logger(1), login(1), lp(1), lpc(1B),
lpr(1B), m4(1), cron(1M), getty(1M), in.ftpd(1M), su(1M),
syslogd(1M), syslog(3C), hosts(4)
Man(1) output converted with
man2html