syslog.conf - syslogd(8) configuration file
The syslog.conf file is the configuration file for the syslogd(8) program.
It consists of blocks of lines separated by program
specifications,
with each line containing two fields: the selector
field which
specifies the types of messages and priorities to which the
line applies,
and an action field which specifies the action to be taken
if a message
syslogd receives matches the selection criteria. The
selector field is
separated from the action field by one or more tab characters.
The selectors function is encoded as a facility, a period
(`.'), and a
level, with no intervening whitespace. Both the facility
and the level
are case insensitive.
The facility describes the part of the system generating the
message, and
is one of the following keywords: auth, authpriv, cron, daemon, kern,
lpr, mail, mark, news, syslog, user, uucp and local0 through
local7.
These keywords (with the exception of mark) correspond to
the similar
``LOG_'' values specified to the openlog(3) and syslog(3)
library routines.
The level describes the severity of the message, and is a
keyword from
the following ordered list (highest to lowest): emerg,
alert, crit, err,
warning, notice, info and debug. These keywords correspond
to the similar
(LOG_) values specified to the syslog library routine.
Each block of lines is separated from the previous block by
a tag. The
tag is a line beginning with !prog and each block will be
associated with
calls to syslog from that specific program. When a message
matches multiple
blocks, the action of each matching block is taken.
If no tag is
specified at the beginning of the file, every line is
checked for a match
and acted upon (at least until a tag is found).
!!prog causes the subsequent block to abort evaluation when
a message
matches, ensuring that only a single set of actions is taken. !* can be
used to ensure that any ensuing blocks are further evaluated
(i.e. cancelling
the effect of a !prog or !!prog).
See syslog(3) for further descriptions of both the facility
and level
keywords and their significance. It's preferred that selections be made
on facility rather than program, since the latter can easily
vary in a
networked environment. In some cases, though, an appropriate facility
simply doesn't exist.
If a received message matches the specified facility and is
of the specified
level (or a higher level), and the first word in the
message after
the date matches the program, the action specified in the
action field
will be taken.
Multiple selectors may be specified for a single action by
separating
them with semicolon (`;') characters. It is important to
note, however,
that each selector can modify the ones preceding it.
Multiple facilities may be specified for a single level by
separating
them with comma (`,') characters.
An asterisk (`*') can be used to specify all facilities, all
levels or
all programs.
The special facility ``mark'' receives a message at priority
``info'' every
20 minutes (see syslogd(8)). This is not enabled by a
facility field
containing an asterisk.
The special level ``none'' disables a particular facility.
The action field of each line specifies the action to be
taken when the
selector field selects a message. There are five forms:
+o A pathname (beginning with a leading slash). Selected
messages are
appended to the file.
+o A hostname (preceded by an at (`@') sign). Selected
messages are
forwarded to the syslogd program on the named host. A
port number
may be optionally specified using the host:port syntax.
+o A comma separated list of users. Selected messages are
written to
those users if they are logged in.
+o An asterisk. Selected messages are written to all
logged-in users.
+o A colon, followed by a memory buffer size (in kilobytes), followed by
another colon, followed by a buffer name. Selected messages are
written to an in-memory buffer that may be read using
syslogc(8).
Memory buffered logging is useful to provide access to
log data on
devices that lack local storage (e.g. diskless workstations or
routers). The largest allowed buffer size is 256kb.
Blank lines and lines whose first non-blank character is a
hash (`#')
character are ignored.
/etc/syslog.conf The syslogd(8) configuration file.
A configuration file might appear as follows:
# Log info (and higher) messages from spamd only to
# a dedicated file, discarding debug messages.
# Matching messages abort evaluation of further rules.
!!spamd
daemon.info
/var/log/spamd
daemon.debug
/dev/null
!*
# Log all kernel messages, authentication messages of
# level notice or higher and anything of level err or
# higher to the console.
# Don't log private authentication messages!
*.err;kern.*;auth.notice;authpriv.none
/dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none
/var/log/messages
# The authpriv file has restricted access.
authpriv.*
/var/log/secure
# Log all the mail messages in one place.
mail.*
/var/log/maillog
# Everybody gets emergency messages, plus log them on another
# machine.
*.emerg *
*.emerg
@arpa.berkeley.edu
# Root and Eric get alert and higher messages.
*.alert
root,eric
# Save mail and news errors of level err and higher in a
# special file.
mail,news.err
/var/log/spoolerr
# Save ftpd transactions along with mail and news
!ftpd
*.*
/var/log/spoolerr
# Keep a copy of all logging in a 32k memory buffer named
"debug"
*.debug
:32:debug
# Store notices and authpriv messages in a 64k buffer named
"important"
*.notice,authpriv.*
:64:important
syslog(3), syslogc(8), syslogd(8)
The syslog.conf file appeared in 4.3BSD, along with syslogd(8).
The effects of multiple selectors are sometimes not intuitive. For example
``mail.crit;*.err'' will select ``mail'' facility messages at the
level of ``err'' or higher, not at the level of ``crit'' or
higher.
OpenBSD 3.6 June 9, 1993
[ Back ] |
