1 '\" te 2 .\" Copyright (c) 2013 Gary Mills 3 .\" Copyright (c) 2003 Sun Microsystems, Inc. All Rights Reserved. 4 .\" Copyright (c) 1983 Regents of the University of California. All rights reserved. The Berkeley software License Agreement specifies the terms and conditions for redistribution. 5 .TH SYSLOG.CONF 4 "Oct 17, 2013" 6 .SH NAME 7 syslog.conf \- configuration file for syslogd system log daemon 8 .SH SYNOPSIS 9 .LP 10 .nf 11 \fB/etc/syslog.conf\fR 12 .fi 13 14 .SH DESCRIPTION 15 .sp 16 .LP 17 The file \fB/etc/syslog.conf\fR contains information used by the system log 18 daemon, \fBsyslogd\fR(1M), to forward a system message to appropriate log files 19 and/or users. \fBsyslogd\fR preprocesses this file through \fBm4\fR(1) to 20 obtain the correct information for certain log files, defining \fBLOGHOST\fR if 21 the address of "loghost" is the same as one of the addresses of the host that 22 is running \fBsyslogd\fR. 23 .sp 24 .LP 25 A configuration entry is composed of two TAB-separated fields: 26 .sp 27 .in +2 28 .nf 29 \fIselector action\fR 30 .fi 31 .in -2 32 33 .sp 34 .LP 35 The \fIselector\fR field contains a semicolon-separated list of priority 36 specifications of the form: 37 .sp 38 .in +2 39 .nf 40 \fIfacility\fR\fB\&.\fR\fIlevel\fR [ \fB;\fR \fIfacility\fR\fB\&.\fR\fIlevel\fR ] 41 .fi 42 .in -2 43 44 .sp 45 .LP 46 where \fIfacility\fR is a system facility, or comma-separated list of 47 facilities, and \fIlevel\fR is an indication of the severity of the condition 48 being logged. Recognized values for \fIfacility\fR include: 49 .sp 50 .ne 2 51 .na 52 \fB\fBkern\fR\fR 53 .ad 54 .RS 12n 55 Messages generated by the kernel. 56 .RE 57 58 .sp 59 .ne 2 60 .na 61 \fB\fBuser\fR\fR 62 .ad 63 .RS 12n 64 Messages generated by user processes. This is the default priority for messages 65 from programs or facilities not listed in this file. 66 .RE 67 68 .sp 69 .ne 2 70 .na 71 \fB\fBmail\fR\fR 72 .ad 73 .RS 12n 74 The mail system. 75 .RE 76 77 .sp 78 .ne 2 79 .na 80 \fB\fBdaemon\fR\fR 81 .ad 82 .RS 12n 83 System daemons, such as \fBin.ftpd\fR(1M) 84 .RE 85 86 .sp 87 .ne 2 88 .na 89 \fB\fBauth\fR\fR 90 .ad 91 .RS 12n 92 The authorization system: \fBlogin\fR(1), \fBsu\fR(1M), \fBgetty\fR(1M), among 93 others. 94 .RE 95 96 .sp 97 .ne 2 98 .na 99 \fB\fBlpr\fR\fR 100 .ad 101 .RS 12n 102 The line printer spooling system: \fBlpr\fR(1B), \fBlpc\fR(1B), among others. 103 .RE 104 105 .sp 106 .ne 2 107 .na 108 \fB\fBnews\fR\fR 109 .ad 110 .RS 12n 111 Designated for the USENET network news system. 112 .RE 113 114 .sp 115 .ne 2 116 .na 117 \fB\fBuucp\fR\fR 118 .ad 119 .RS 12n 120 Designated for the UUCP system; it does not currently use the \fBsyslog\fR 121 mechanism. 122 .RE 123 124 .sp 125 .ne 2 126 .na 127 \fB\fBbsdcron\fR\fR 128 .ad 129 .RS 12n 130 Designated for the BSD cron/at system. 131 .RE 132 133 .sp 134 .ne 2 135 .na 136 \fB\fBauthpriv\fR\fR 137 .ad 138 .RS 12n 139 Designated for the BSD security/authorization system. 140 .RE 141 142 .sp 143 .ne 2 144 .na 145 \fB\fBftp\fR\fR 146 .ad 147 .RS 12n 148 Designated for the file transfer system. 149 .RE 150 151 .sp 152 .ne 2 153 .na 154 \fB\fBntp\fR\fR 155 .ad 156 .RS 12n 157 Designated for the network time system. 158 .RE 159 160 .sp 161 .ne 2 162 .na 163 \fB\fBaudit\fR\fR 164 .ad 165 .RS 12n 166 Designated for audit messages generated by systems that audit by means of 167 syslog. 168 .RE 169 170 .sp 171 .ne 2 172 .na 173 \fB\fBconsole\fR\fR 174 .ad 175 .RS 12n 176 Designated for the BSD console system. 177 .RE 178 179 .sp 180 .ne 2 181 .na 182 \fB\fBcron\fR\fR 183 .ad 184 .RS 12n 185 Designated for \fBcron\fR/\fBat\fR messages generated by systems that do 186 logging through \fBsyslog\fR. The current version of the Solaris Operating 187 Environment does not use this facility for logging. 188 .RE 189 190 .sp 191 .ne 2 192 .na 193 \fB\fBlocal0-7\fR\fR 194 .ad 195 .RS 12n 196 Designated for local use. 197 .RE 198 199 .sp 200 .ne 2 201 .na 202 \fB\fBmark\fR\fR 203 .ad 204 .RS 12n 205 For timestamp messages produced internally by \fBsyslogd\fR. 206 .RE 207 208 .sp 209 .ne 2 210 .na 211 \fB\fB*\fR\fR 212 .ad 213 .RS 12n 214 An asterisk indicates all facilities except for the \fBmark\fR facility. 215 .RE 216 217 .sp 218 .LP 219 Recognized values for \fIlevel\fR are (in descending order of severity): 220 .sp 221 .ne 2 222 .na 223 \fB\fBemerg\fR\fR 224 .ad 225 .RS 11n 226 For panic conditions that would normally be broadcast to all users. 227 .RE 228 229 .sp 230 .ne 2 231 .na 232 \fB\fBalert\fR\fR 233 .ad 234 .RS 11n 235 For conditions that should be corrected immediately, such as a corrupted system 236 database. 237 .RE 238 239 .sp 240 .ne 2 241 .na 242 \fB\fBcrit\fR\fR 243 .ad 244 .RS 11n 245 For warnings about critical conditions, such as hard device errors. 246 .RE 247 248 .sp 249 .ne 2 250 .na 251 \fB\fBerr\fR\fR 252 .ad 253 .RS 11n 254 For other errors. 255 .RE 256 257 .sp 258 .ne 2 259 .na 260 \fB\fBwarning\fR\fR 261 .ad 262 .RS 11n 263 For warning messages. 264 .RE 265 266 .sp 267 .ne 2 268 .na 269 \fB\fBnotice\fR\fR 270 .ad 271 .RS 11n 272 For conditions that are not error conditions, but may require special handling. 273 A configuration entry with a \fIlevel\fR value of \fBnotice\fR must appear on a 274 separate line. 275 .RE 276 277 .sp 278 .ne 2 279 .na 280 \fB\fBinfo\fR\fR 281 .ad 282 .RS 11n 283 Informational messages. 284 .RE 285 286 .sp 287 .ne 2 288 .na 289 \fB\fBdebug\fR\fR 290 .ad 291 .RS 11n 292 For messages that are normally used only when debugging a program. 293 .RE 294 295 .sp 296 .ne 2 297 .na 298 \fB\fBnone\fR\fR 299 .ad 300 .RS 11n 301 Do not send messages from the indicated \fIfacility\fR to the selected file. 302 For example, a \fIselector\fR of 303 .sp 304 \fB*.debug;mail.none\fR 305 .sp 306 sends all messages \fIexcept\fR mail messages to the selected file. 307 .RE 308 309 .sp 310 .LP 311 For a given \fIfacility\fR and \fIlevel\fR, \fBsyslogd\fR matches all messages 312 for that level and all higher levels. For example, an entry that specifies a 313 level of \fBcrit\fR also logs messages at the \fBalert\fR and \fBemerg\fR 314 levels. 315 .sp 316 .LP 317 The \fIaction\fR field indicates where to forward the message. Values for this 318 field can have one of four forms: 319 .RS +4 320 .TP 321 .ie t \(bu 322 .el o 323 A filename, beginning with a leading slash, which indicates that messages 324 specified by the \fIselector\fR are to be written to the specified file. The 325 file is opened in append mode if it exists. If the file does not exist, logging 326 silently fails for this action. 327 .RE 328 .RS +4 329 .TP 330 .ie t \(bu 331 .el o 332 The name of a remote host, prefixed with an \fB@\fR, as with: 333 \fB@\fR\fIserver\fR, which indicates that messages specified by the 334 \fIselector\fR are to be forwarded to the \fBsyslogd\fR on the named host. The 335 hostname "loghost" is treated, in the default \fBsyslog.conf\fR, as the 336 hostname given to the machine that logs \fBsyslogd\fR messages. Every machine 337 is "loghost" by default, per the hosts database. It is also possible to specify 338 one machine on a network to be "loghost" by, literally, naming the machine 339 "loghost". If the local machine is designated to be "loghost", then 340 \fBsyslogd\fR messages are written to the appropriate files. Otherwise, they 341 are sent to the machine "loghost" on the network. 342 .RE 343 .RS +4 344 .TP 345 .ie t \(bu 346 .el o 347 A comma-separated list of usernames, which indicates that messages specified by 348 the \fIselector\fR are to be written to the named users if they are logged in. 349 .RE 350 .RS +4 351 .TP 352 .ie t \(bu 353 .el o 354 An asterisk, which indicates that messages specified by the \fIselector\fR are 355 to be written to all logged-in users. 356 .RE 357 .sp 358 .LP 359 Blank lines are ignored. Lines for which the first nonwhite character is 360 a '\fB#\fR' are treated as comments. 361 .SH EXAMPLES 362 .LP 363 \fBExample 1 \fRA Sample Configuration File 364 .sp 365 .LP 366 With the following configuration file: 367 368 .sp 369 370 .sp 371 .TS 372 l l 373 l l . 374 \fB*.notice\fR \fB/var/log/notice\fR 375 \fBmail.info\fR \fB/var/log/notice\fR 376 \fB*.crit\fR \fB/var/log/critical\fR 377 \fBkern,mark.debug\fR \fB/dev/console\fR 378 \fBkern.err\fR \fB@server\fR 379 \fB*.emerg\fR \fB*\fR 380 \fB*.alert\fR \fBroot,operator\fR 381 \fB*.alert;auth.warning\fR \fB/var/log/auth\fR 382 .TE 383 384 .sp 385 .LP 386 \fBsyslogd\fR(1M) logs all mail system messages except \fBdebug\fR messages and 387 all \fBnotice\fR (or higher) messages into a file named \fB/var/log/notice\fR. 388 It logs all critical messages into \fB/var/log/critical\fR, and all kernel 389 messages and 20-minute marks onto the system console. 390 391 .sp 392 .LP 393 Kernel messages of \fBerr\fR (error) severity or higher are forwarded to the 394 machine named \fBserver\fR. Emergency messages are forwarded to all users. The 395 users \fBroot\fR and \fBoperator\fR are informed of any \fBalert\fR messages. 396 All messages from the authorization system of \fBwarning\fR level or higher are 397 logged in the file \fB/var/log/auth\fR. 398 399 .SH ATTRIBUTES 400 .sp 401 .LP 402 See \fBattributes\fR(5) for descriptions of the following attributes: 403 .sp 404 405 .sp 406 .TS 407 box; 408 c | c 409 l | l . 410 ATTRIBUTE TYPE ATTRIBUTE VALUE 411 _ 412 Interface Stability Stable 413 .TE 414 415 .SH SEE ALSO 416 .sp 417 .LP 418 \fBat\fR(1), \fBcrontab\fR(1), \fBlogger\fR(1), \fBlogin\fR(1), \fBlp\fR(1), 419 \fBlpc\fR(1B), \fBlpr\fR(1B), \fBm4\fR(1), \fBcron\fR(1M), \fBgetty\fR(1M), 420 \fBin.ftpd\fR(1M), \fBsu\fR(1M), \fBsyslogd\fR(1M), \fBsyslog\fR(3C), 421 \fBhosts\fR(4), \fBattributes\fR(5)