syslog.conf - configuration file for syslogd system log dae-




     The file /etc/syslog.conf contains information used  by  the
     system  log daemon, syslogd(1M), to forward a system message
     to appropriate log files and/or users. syslogd  preprocesses
     this  file  through  m4(1) to obtain the correct information
     for certain log files, defining LOGHOST if  the  address  of
     "loghost"  is  the  same as one of the addresses of the host
     that is running syslogd.

     A configuration  entry  is  composed  of  two  TAB-separated

     selector       action

     The selector field contains a  semicolon-separated  list  of
     priority specifications of the form:

     facility.level [ ; facility.level ]

     where facility is a system facility, or comma-separated list
     of facilities, and level is an indication of the severity of
     the condition being logged. Recognized values  for  facility

     user  Messages generated by  user  processes.  This  is  the
           default priority for messages from programs or facili-
           ties not listed in this file.

     kern  Messages generated by the kernel.

     mail  The mail system.

           System daemons, such as in.ftpd(1M)

     auth  The authorization system: login(1), su(1M), getty(1M),
           among others.

     lpr   The line printer spooling  system:  lpr(1B),  lpc(1B),
           among others.

     news  Reserved for the USENET network news system.

     uucp  Reserved for the UUCP system; it  does  not  currently
           use the syslog mechanism.

     cron  Reserved for cron/at  messages  generated  by  systems
           that do logging through syslog. The current version of
           the Solaris Operating Environment does  not  use  this
           facility for logging.

           Reserved for local use.

     mark  For timestamp messages produced internally by syslogd.

     *     An asterisk indicates all facilities  except  for  the
           mark facility.

     Recognized values for level  are  (in  descending  order  of

     emerg For panic conditions that would normally be  broadcast
           to all users.

     alert For conditions that should be  corrected  immediately,
           such as a corrupted system database.

     crit  For warnings about critical conditions, such  as  hard
           device errors.

     err   For other errors.

           For warning messages.

           For conditions that are not error conditions, but  may
           require special handling. A configuration entry with a
           level value of notice must appear on a separate line.

     info  Informational messages.

     debug For messages that are normally used only  when  debug-
           ging a program.

     none  Do not send messages from the  indicated  facility  to
           the selected file. For example, a selector of


           will send all messages except  mail  messages  to  the
           selected file.

     Note that for a given facility and  level,  syslogd  matches
     all messages for that level and all higher levels. For exam-
     ple, an entry that specifies a level of crit also logs  mes-
     sages at the alert and emerg levels.

     The action field indicates where  to  forward  the  message.
     Values for this field can have one of four forms:

        o  A filename, beginning  with  a  leading  slash,  which
           indicates  that messages specified by the selector are
           to be written to the specified file. The file will  be
           opened  in  append mode if it exists. If the file does
           not exist, logging will silently fail for this action.

        o  The name of a remote host,  prefixed  with  an  @,  as
           with: @server, which indicates that messages specified
           by the selector are to be forwarded to the syslogd  on
           the named host.  The hostname "loghost" is treated, in
           the default syslog.conf, as the hostname given to  the
           machine  that  logs  syslogd messages.  Every  machine
           is  "loghost"  by default, per the hosts database.  It
           is  also  possible to specify one machine on a network
           to be "loghost" by making the appropriate  host  table
           entries.  If  the  local  machine  is designated to be
           "loghost", then syslogd messages are  written  to  the
           appropriate  files.  Otherwise,  they  are sent to the
           machine "loghost" on the network.

        o  A comma-separated list of usernames,  which  indicates
           that  messages  specified  by  the  selector are to be
           written to the named users if they are logged in.

        o  An asterisk, which indicates that  messages  specified
           by  the  selector  are  to be written to all logged-in

     Blank lines are ignored. Lines for which the first  nonwhite
     character is a '#' are treated as comments.


     Example 1: A Sample Configuration File

     With the following configuration file:

     *.notice                      /var/log/notice                     /var/log/notice
     *.crit                        /var/log/critical
     kern,mark.debug               /dev/console
     kern.err                      @server
     *.emerg                       *
     *.alert                       root,operator
     *.alert;auth.warning          /var/log/auth
     syslogd(1M) will log all mail system messages  except  debug
     messages  and  all  notice  (or higher) messages into a file
     named /var/log/notice. It logs all  critical  messages  into
     /var/log/critical,  and  all  kernel  messages and 20-minute
     marks onto the system console.

     Kernel messages of err (error) severity or higher  are  for-
     warded  to  the machine named server. Emergency messages are
     forwarded to all users. The  users  root  and  operator  are
     informed  of  any  alert  messages.   All  messages from the
     authorization system of warning level or higher  are  logged
     in the file /var/log/auth.


           log of all mail system  messages  (except  debug  mes-
           sages) and all messages of notice level or higher

           log of all critical messages

           log of all messages from the authorization  system  of
           warning level or higher


     at(1),  crontab(1),  logger(1),  login(1),  lp(1),  lpc(1B),
     lpr(1B),  m4(1),  cron(1M),  getty(1M), in.ftpd(1M), su(1M),
     syslogd(1M), syslog(3C), hosts(4)

Man(1) output converted with man2html