1 '\" te 2 .\" Copyright (c) 2013 Gary Mills 3 .\" Copyright (c) 2003 Sun Microsystems, Inc. All Rights Reserved. 4 .\" Copyright (c) 1983 Regents of the University of California. All rights reserved. The Berkeley software License Agreement specifies the terms and conditions for redistribution. 5 .TH SYSLOG.CONF 4 "Nov 19, 2013" 6 .SH NAME 7 syslog.conf \- configuration file for syslogd system log daemon 8 .SH SYNOPSIS 9 .LP 10 .nf 11 \fB/etc/syslog.conf\fR 12 .fi 13 14 .SH DESCRIPTION 15 .LP 16 The file \fB/etc/syslog.conf\fR contains information used by the system log 17 daemon, \fBsyslogd\fR(1M), to forward a system message to appropriate log files 18 and/or users. \fBsyslogd\fR preprocesses this file through \fBm4\fR(1) to 19 obtain the correct information for certain log files, defining \fBLOGHOST\fR if 20 the address of "loghost" is the same as one of the addresses of the host that 21 is running \fBsyslogd\fR. 22 .sp 23 .LP 24 A configuration entry is composed of two TAB-separated fields: 25 .sp 26 .in +2 27 .nf 28 \fIselector action\fR 29 .fi 30 .in -2 31 32 .sp 33 .LP 34 The \fIselector\fR field contains a semicolon-separated list of priority 35 specifications of the form: 36 .sp 37 .in +2 38 .nf 39 \fIfacility\fR\fB\&.\fR\fIlevel\fR [ \fB;\fR \fIfacility\fR\fB\&.\fR\fIlevel\fR ] 40 .fi 41 .in -2 42 43 .sp 44 .LP 45 where \fIfacility\fR is a system facility, or comma-separated list of 46 facilities, and \fIlevel\fR is an indication of the severity of the condition 47 being logged. 48 The presence of a facility name only implies that it is available. 49 Each individual service determines which facility it will use for logging. 50 In particular, many facilities are only useful for \fBsyslog\fR messages 51 that are forwarded from other operating systems. 52 Recognized values for \fIfacility\fR include: 53 .sp 54 .ne 2 55 .na 56 \fB\fBkern\fR\fR 57 .ad 58 .RS 12n 59 Messages generated by the kernel. 60 .RE 61 62 .sp 63 .ne 2 64 .na 65 \fB\fBuser\fR\fR 66 .ad 67 .RS 12n 68 Messages generated by user processes. This is the default priority for messages 69 from programs or facilities not listed in this file. 70 .RE 71 72 .sp 73 .ne 2 74 .na 75 \fB\fBmail\fR\fR 76 .ad 77 .RS 12n 78 The mail system. 79 .RE 80 81 .sp 82 .ne 2 83 .na 84 \fB\fBdaemon\fR\fR 85 .ad 86 .RS 12n 87 Various system daemons. 88 .RE 89 90 .sp 91 .ne 2 92 .na 93 \fB\fBauth\fR\fR 94 .ad 95 .RS 12n 96 The authorization system: \fBlogin\fR(1), \fBsu\fR(1M), \fBgetty\fR(1M), among 97 others. 98 .RE 99 100 .sp 101 .ne 2 102 .na 103 \fB\fBlpr\fR\fR 104 .ad 105 .RS 12n 106 The line printer spooling system: \fBlpr\fR(1B), \fBlpc\fR(1B), among others. 107 .RE 108 109 .sp 110 .ne 2 111 .na 112 \fB\fBnews\fR\fR 113 .ad 114 .RS 12n 115 Designated for the USENET network news system. 116 .RE 117 118 .sp 119 .ne 2 120 .na 121 \fB\fBuucp\fR\fR 122 .ad 123 .RS 12n 124 Designated for the UUCP system; it does not currently use the \fBsyslog\fR 125 mechanism. 126 .RE 127 128 .sp 129 .ne 2 130 .na 131 \fB\fBaltcron\fR\fR 132 .ad 133 .RS 12n 134 Designated for the BSD cron/at system. 135 .RE 136 137 .sp 138 .ne 2 139 .na 140 \fB\fBauthpriv\fR\fR 141 .ad 142 .RS 12n 143 Designated for the BSD security/authorization system. 144 .RE 145 146 .sp 147 .ne 2 148 .na 149 \fB\fBftp\fR\fR 150 .ad 151 .RS 12n 152 Designated for the file transfer system. 153 .RE 154 155 .sp 156 .ne 2 157 .na 158 \fB\fBntp\fR\fR 159 .ad 160 .RS 12n 161 Designated for the network time system. 162 .RE 163 164 .sp 165 .ne 2 166 .na 167 \fB\fBaudit\fR\fR 168 .ad 169 .RS 12n 170 Designated for audit messages generated by systems that audit by means of 171 syslog. 172 .RE 173 174 .sp 175 .ne 2 176 .na 177 \fB\fBconsole\fR\fR 178 .ad 179 .RS 12n 180 Designated for the BSD console system. 181 .RE 182 183 .sp 184 .ne 2 185 .na 186 \fB\fBcron\fR\fR 187 .ad 188 .RS 12n 189 Designated for \fBcron\fR/\fBat\fR messages generated by systems that do 190 logging through \fBsyslog\fR. 191 The current versions of \fBcron\fR and \fBat\fR do not use this facility 192 for logging. 193 .RE 194 195 .sp 196 .ne 2 197 .na 198 \fB\fBlocal0-7\fR\fR 199 .ad 200 .RS 12n 201 Designated for local use. 202 .RE 203 204 .sp 205 .ne 2 206 .na 207 \fB\fBmark\fR\fR 208 .ad 209 .RS 12n 210 For timestamp messages produced internally by \fBsyslogd\fR. 211 .RE 212 213 .sp 214 .ne 2 215 .na 216 \fB\fB*\fR\fR 217 .ad 218 .RS 12n 219 An asterisk indicates all facilities except for the \fBmark\fR facility. 220 .RE 221 222 .sp 223 .LP 224 Recognized values for \fIlevel\fR are (in descending order of severity): 225 .sp 226 .ne 2 227 .na 228 \fB\fBemerg\fR\fR 229 .ad 230 .RS 11n 231 For panic conditions that would normally be broadcast to all users. 232 .RE 233 234 .sp 235 .ne 2 236 .na 237 \fB\fBalert\fR\fR 238 .ad 239 .RS 11n 240 For conditions that should be corrected immediately, such as a corrupted system 241 database. 242 .RE 243 244 .sp 245 .ne 2 246 .na 247 \fB\fBcrit\fR\fR 248 .ad 249 .RS 11n 250 For warnings about critical conditions, such as hard device errors. 251 .RE 252 253 .sp 254 .ne 2 255 .na 256 \fB\fBerr\fR\fR 257 .ad 258 .RS 11n 259 For other errors. 260 .RE 261 262 .sp 263 .ne 2 264 .na 265 \fB\fBwarning\fR\fR 266 .ad 267 .RS 11n 268 For warning messages. 269 .RE 270 271 .sp 272 .ne 2 273 .na 274 \fB\fBnotice\fR\fR 275 .ad 276 .RS 11n 277 For conditions that are not error conditions, but may require special handling. 278 A configuration entry with a \fIlevel\fR value of \fBnotice\fR must appear on a 279 separate line. 280 .RE 281 282 .sp 283 .ne 2 284 .na 285 \fB\fBinfo\fR\fR 286 .ad 287 .RS 11n 288 Informational messages. 289 .RE 290 291 .sp 292 .ne 2 293 .na 294 \fB\fBdebug\fR\fR 295 .ad 296 .RS 11n 297 For messages that are normally used only when debugging a program. 298 .RE 299 300 .sp 301 .ne 2 302 .na 303 \fB\fBnone\fR\fR 304 .ad 305 .RS 11n 306 Do not send messages from the indicated \fIfacility\fR to the selected file. 307 For example, a \fIselector\fR of 308 .sp 309 \fB*.debug;mail.none\fR 310 .sp 311 sends all messages \fIexcept\fR mail messages to the selected file. 312 .RE 313 314 .sp 315 .LP 316 For a given \fIfacility\fR and \fIlevel\fR, \fBsyslogd\fR matches all messages 317 for that level and all higher levels. For example, an entry that specifies a 318 level of \fBcrit\fR also logs messages at the \fBalert\fR and \fBemerg\fR 319 levels. 320 .sp 321 .LP 322 The \fIaction\fR field indicates where to forward the message. Values for this 323 field can have one of four forms: 324 .RS +4 325 .TP 326 .ie t \(bu 327 .el o 328 A filename, beginning with a leading slash, which indicates that messages 329 specified by the \fIselector\fR are to be written to the specified file. The 330 file is opened in append mode if it exists. If the file does not exist, logging 331 silently fails for this action. 332 .RE 333 .RS +4 334 .TP 335 .ie t \(bu 336 .el o 337 The name of a remote host, prefixed with an \fB@\fR, as with: 338 \fB@\fR\fIserver\fR, which indicates that messages specified by the 339 \fIselector\fR are to be forwarded to the \fBsyslogd\fR on the named host. The 340 hostname "loghost" is treated, in the default \fBsyslog.conf\fR, as the 341 hostname given to the machine that logs \fBsyslogd\fR messages. Every machine 342 is "loghost" by default, per the hosts database. It is also possible to specify 343 one machine on a network to be "loghost" by, literally, naming the machine 344 "loghost". If the local machine is designated to be "loghost", then 345 \fBsyslogd\fR messages are written to the appropriate files. Otherwise, they 346 are sent to the machine "loghost" on the network. 347 .RE 348 .RS +4 349 .TP 350 .ie t \(bu 351 .el o 352 A comma-separated list of usernames, which indicates that messages specified by 353 the \fIselector\fR are to be written to the named users if they are logged in. 354 .RE 355 .RS +4 356 .TP 357 .ie t \(bu 358 .el o 359 An asterisk, which indicates that messages specified by the \fIselector\fR are 360 to be written to all logged-in users. 361 .RE 362 .sp 363 .LP 364 Blank lines are ignored. Lines for which the first nonwhite character is 365 a '\fB#\fR' are treated as comments. 366 .SH EXAMPLES 367 .LP 368 \fBExample 1 \fRA Sample Configuration File 369 .sp 370 .LP 371 With the following configuration file: 372 373 .sp 374 375 .sp 376 .TS 377 l l 378 l l . 379 \fB*.notice\fR \fB/var/log/notice\fR 380 \fBmail.info\fR \fB/var/log/notice\fR 381 \fB*.crit\fR \fB/var/log/critical\fR 382 \fBkern,mark.debug\fR \fB/dev/console\fR 383 \fBkern.err\fR \fB@server\fR 384 \fB*.emerg\fR \fB*\fR 385 \fB*.alert\fR \fBroot,operator\fR 386 \fB*.alert;auth.warning\fR \fB/var/log/auth\fR 387 .TE 388 389 .sp 390 .LP 391 \fBsyslogd\fR(1M) logs all mail system messages except \fBdebug\fR messages and 392 all \fBnotice\fR (or higher) messages into a file named \fB/var/log/notice\fR. 393 It logs all critical messages into \fB/var/log/critical\fR, and all kernel 394 messages and 20-minute marks onto the system console. 395 396 .sp 397 .LP 398 Kernel messages of \fBerr\fR (error) severity or higher are forwarded to the 399 machine named \fBserver\fR. Emergency messages are forwarded to all users. The 400 users \fBroot\fR and \fBoperator\fR are informed of any \fBalert\fR messages. 401 All messages from the authorization system of \fBwarning\fR level or higher are 402 logged in the file \fB/var/log/auth\fR. 403 404 .SH ATTRIBUTES 405 .LP 406 See \fBattributes\fR(5) for descriptions of the following attributes: 407 .sp 408 409 .sp 410 .TS 411 box; 412 c | c 413 l | l . 414 ATTRIBUTE TYPE ATTRIBUTE VALUE 415 _ 416 Interface Stability Stable 417 .TE 418 419 .SH SEE ALSO 420 .LP 421 \fBat\fR(1), \fBcrontab\fR(1), \fBlogger\fR(1), \fBlogin\fR(1), \fBlp\fR(1), 422 \fBlpc\fR(1B), \fBlpr\fR(1B), \fBm4\fR(1), \fBcron\fR(1M), \fBgetty\fR(1M), 423 \fBin.ftpd\fR(1M), \fBsu\fR(1M), \fBsyslogd\fR(1M), \fBsyslog\fR(3C), 424 \fBhosts\fR(4), \fBattributes\fR(5)