1 '\" te
   2 .\" Copyright (c) 2013 Gary Mills
   3 .\" Copyright (c) 2003 Sun Microsystems, Inc. All Rights Reserved.
   4 .\" Copyright (c) 1983 Regents of the University of California.  All rights reserved.  The Berkeley software License Agreement  specifies the terms and conditions for redistribution.
   5 .TH SYSLOG.CONF 4 "Oct 17, 2013"
   6 .SH NAME
   7 syslog.conf \- configuration file for syslogd system log daemon
   8 .SH SYNOPSIS
   9 .LP
  10 .nf
  11 \fB/etc/syslog.conf\fR
  12 .fi
  13 
  14 .SH DESCRIPTION
  15 .sp
  16 .LP
  17 The file \fB/etc/syslog.conf\fR contains information used by the system log
  18 daemon, \fBsyslogd\fR(1M), to forward a system message to appropriate log files
  19 and/or users. \fBsyslogd\fR preprocesses this file through \fBm4\fR(1) to
  20 obtain the correct information for certain log files, defining \fBLOGHOST\fR if
  21 the address of "loghost" is the same as one of the addresses of the host that
  22 is running \fBsyslogd\fR.
  23 .sp
  24 .LP
  25 A configuration entry is composed of two TAB-separated fields:
  26 .sp
  27 .in +2
  28 .nf
  29 \fIselector             action\fR
  30 .fi
  31 .in -2
  32 
  33 .sp
  34 .LP
  35 The \fIselector\fR field contains a semicolon-separated list of priority
  36 specifications of the form:
  37 .sp
  38 .in +2
  39 .nf
  40 \fIfacility\fR\fB\&.\fR\fIlevel\fR [ \fB;\fR \fIfacility\fR\fB\&.\fR\fIlevel\fR ]
  41 .fi
  42 .in -2
  43 
  44 .sp
  45 .LP
  46 where \fIfacility\fR is a system facility, or comma-separated list of
  47 facilities, and \fIlevel\fR is an indication of the severity of the condition
  48 being logged. Recognized values for \fIfacility\fR include:
  49 .sp
  50 .ne 2
  51 .na
  52 \fB\fBkern\fR\fR
  53 .ad
  54 .RS 12n
  55 Messages generated by the kernel.
  56 .RE
  57 
  58 .sp
  59 .ne 2
  60 .na
  61 \fB\fBuser\fR\fR
  62 .ad
  63 .RS 12n
  64 Messages generated by user processes. This is the default priority for messages
  65 from programs or facilities not listed in this file.
  66 .RE
  67 
  68 .sp
  69 .ne 2
  70 .na
  71 \fB\fBmail\fR\fR
  72 .ad
  73 .RS 12n
  74 The mail system.
  75 .RE
  76 
  77 .sp
  78 .ne 2
  79 .na
  80 \fB\fBdaemon\fR\fR
  81 .ad
  82 .RS 12n
  83 System daemons, such as \fBin.ftpd\fR(1M)
  84 .RE
  85 
  86 .sp
  87 .ne 2
  88 .na
  89 \fB\fBauth\fR\fR
  90 .ad
  91 .RS 12n
  92 The authorization system: \fBlogin\fR(1), \fBsu\fR(1M), \fBgetty\fR(1M), among
  93 others.
  94 .RE
  95 
  96 .sp
  97 .ne 2
  98 .na
  99 \fB\fBlpr\fR\fR
 100 .ad
 101 .RS 12n
 102 The line printer spooling system: \fBlpr\fR(1B), \fBlpc\fR(1B), among others.
 103 .RE
 104 
 105 .sp
 106 .ne 2
 107 .na
 108 \fB\fBnews\fR\fR
 109 .ad
 110 .RS 12n
 111 Designated for the USENET network news system.
 112 .RE
 113 
 114 .sp
 115 .ne 2
 116 .na
 117 \fB\fBuucp\fR\fR
 118 .ad
 119 .RS 12n
 120 Designated for the UUCP system; it does not currently use the \fBsyslog\fR
 121 mechanism.
 122 .RE
 123 
 124 .sp
 125 .ne 2
 126 .na
 127 \fB\fBbsdcron\fR\fR
 128 .ad
 129 .RS 12n
 130 Designated for the BSD cron/at system.
 131 .RE
 132 
 133 .sp
 134 .ne 2
 135 .na
 136 \fB\fBauthpriv\fR\fR
 137 .ad
 138 .RS 12n
 139 Designated for the BSD security/authorization system.
 140 .RE
 141 
 142 .sp
 143 .ne 2
 144 .na
 145 \fB\fBftp\fR\fR
 146 .ad
 147 .RS 12n
 148 Designated for the file transfer system.
 149 .RE
 150 
 151 .sp
 152 .ne 2
 153 .na
 154 \fB\fBntp\fR\fR
 155 .ad
 156 .RS 12n
 157 Designated for the network time system.
 158 .RE
 159 
 160 .sp
 161 .ne 2
 162 .na
 163 \fB\fBaudit\fR\fR
 164 .ad
 165 .RS 12n
 166 Designated for audit messages generated by systems that audit by means of
 167 syslog.
 168 .RE
 169 
 170 .sp
 171 .ne 2
 172 .na
 173 \fB\fBconsole\fR\fR
 174 .ad
 175 .RS 12n
 176 Designated for the BSD console system.
 177 .RE
 178 
 179 .sp
 180 .ne 2
 181 .na
 182 \fB\fBcron\fR\fR
 183 .ad
 184 .RS 12n
 185 Designated for \fBcron\fR/\fBat\fR messages generated by systems that do
 186 logging through \fBsyslog\fR. The current version of the Solaris Operating
 187 Environment does not use this facility for logging.
 188 .RE
 189 
 190 .sp
 191 .ne 2
 192 .na
 193 \fB\fBlocal0-7\fR\fR
 194 .ad
 195 .RS 12n
 196 Designated for local use.
 197 .RE
 198 
 199 .sp
 200 .ne 2
 201 .na
 202 \fB\fBmark\fR\fR
 203 .ad
 204 .RS 12n
 205 For timestamp messages produced internally by \fBsyslogd\fR.
 206 .RE
 207 
 208 .sp
 209 .ne 2
 210 .na
 211 \fB\fB*\fR\fR
 212 .ad
 213 .RS 12n
 214 An asterisk indicates all facilities except for the \fBmark\fR facility.
 215 .RE
 216 
 217 .sp
 218 .LP
 219 Recognized values for \fIlevel\fR are (in descending order of severity):
 220 .sp
 221 .ne 2
 222 .na
 223 \fB\fBemerg\fR\fR
 224 .ad
 225 .RS 11n
 226 For panic conditions that would normally be broadcast to all users.
 227 .RE
 228 
 229 .sp
 230 .ne 2
 231 .na
 232 \fB\fBalert\fR\fR
 233 .ad
 234 .RS 11n
 235 For conditions that should be corrected immediately, such as a corrupted system
 236 database.
 237 .RE
 238 
 239 .sp
 240 .ne 2
 241 .na
 242 \fB\fBcrit\fR\fR
 243 .ad
 244 .RS 11n
 245 For warnings about critical conditions, such as hard device errors.
 246 .RE
 247 
 248 .sp
 249 .ne 2
 250 .na
 251 \fB\fBerr\fR\fR
 252 .ad
 253 .RS 11n
 254 For other errors.
 255 .RE
 256 
 257 .sp
 258 .ne 2
 259 .na
 260 \fB\fBwarning\fR\fR
 261 .ad
 262 .RS 11n
 263 For warning messages.
 264 .RE
 265 
 266 .sp
 267 .ne 2
 268 .na
 269 \fB\fBnotice\fR\fR
 270 .ad
 271 .RS 11n
 272 For conditions that are not error conditions, but may require special handling.
 273 A configuration entry with a \fIlevel\fR value of \fBnotice\fR must appear on a
 274 separate line.
 275 .RE
 276 
 277 .sp
 278 .ne 2
 279 .na
 280 \fB\fBinfo\fR\fR
 281 .ad
 282 .RS 11n
 283 Informational messages.
 284 .RE
 285 
 286 .sp
 287 .ne 2
 288 .na
 289 \fB\fBdebug\fR\fR
 290 .ad
 291 .RS 11n
 292 For messages that are normally used only when debugging a program.
 293 .RE
 294 
 295 .sp
 296 .ne 2
 297 .na
 298 \fB\fBnone\fR\fR
 299 .ad
 300 .RS 11n
 301 Do not send messages from the indicated \fIfacility\fR to the selected file.
 302 For example, a \fIselector\fR of
 303 .sp
 304 \fB*.debug;mail.none\fR
 305 .sp
 306 sends all messages \fIexcept\fR mail messages to the selected file.
 307 .RE
 308 
 309 .sp
 310 .LP
 311 For a given \fIfacility\fR and \fIlevel\fR, \fBsyslogd\fR matches all messages
 312 for that level and all higher levels. For example, an entry that specifies a
 313 level of \fBcrit\fR also logs messages at the \fBalert\fR and \fBemerg\fR
 314 levels.
 315 .sp
 316 .LP
 317 The \fIaction\fR field indicates where to forward the message. Values for this
 318 field can have one of four forms:
 319 .RS +4
 320 .TP
 321 .ie t \(bu
 322 .el o
 323 A filename, beginning with a leading slash, which indicates that messages
 324 specified by the \fIselector\fR are to be written to the specified file. The
 325 file is opened in append mode if it exists. If the file does not exist, logging
 326 silently fails for this action.
 327 .RE
 328 .RS +4
 329 .TP
 330 .ie t \(bu
 331 .el o
 332 The name of a remote host, prefixed with an \fB@\fR, as with:
 333 \fB@\fR\fIserver\fR, which indicates that messages specified by the
 334 \fIselector\fR are to be forwarded to the \fBsyslogd\fR on the named host. The
 335 hostname "loghost" is treated, in the default \fBsyslog.conf\fR, as the
 336 hostname given to the machine that logs \fBsyslogd\fR messages. Every machine
 337 is "loghost" by default, per the hosts database. It is also possible to specify
 338 one machine on a network to be "loghost" by, literally, naming the machine
 339 "loghost". If the local machine is designated to be "loghost", then
 340 \fBsyslogd\fR messages are written to the appropriate files. Otherwise, they
 341 are sent to the machine "loghost" on the network.
 342 .RE
 343 .RS +4
 344 .TP
 345 .ie t \(bu
 346 .el o
 347 A comma-separated list of usernames, which indicates that messages specified by
 348 the \fIselector\fR are to be written to the named users if they are logged in.
 349 .RE
 350 .RS +4
 351 .TP
 352 .ie t \(bu
 353 .el o
 354 An asterisk, which indicates that messages specified by the \fIselector\fR are
 355 to be written to all logged-in users.
 356 .RE
 357 .sp
 358 .LP
 359 Blank lines are ignored. Lines for which the first nonwhite character is
 360 a '\fB#\fR' are treated as comments.
 361 .SH EXAMPLES
 362 .LP
 363 \fBExample 1 \fRA Sample Configuration File
 364 .sp
 365 .LP
 366 With the following configuration file:
 367 
 368 .sp
 369 
 370 .sp
 371 .TS
 372 l l
 373 l l .
 374 \fB*.notice\fR  \fB/var/log/notice\fR
 375 \fBmail.info\fR \fB/var/log/notice\fR
 376 \fB*.crit\fR    \fB/var/log/critical\fR
 377 \fBkern,mark.debug\fR   \fB/dev/console\fR
 378 \fBkern.err\fR  \fB@server\fR
 379 \fB*.emerg\fR   \fB*\fR
 380 \fB*.alert\fR   \fBroot,operator\fR
 381 \fB*.alert;auth.warning\fR      \fB/var/log/auth\fR
 382 .TE
 383 
 384 .sp
 385 .LP
 386 \fBsyslogd\fR(1M) logs all mail system messages except \fBdebug\fR messages and
 387 all \fBnotice\fR (or higher) messages into a file named \fB/var/log/notice\fR.
 388 It logs all critical messages into \fB/var/log/critical\fR, and all kernel
 389 messages and 20-minute marks onto the system console.
 390 
 391 .sp
 392 .LP
 393 Kernel messages of \fBerr\fR (error) severity or higher are forwarded to the
 394 machine named \fBserver\fR. Emergency messages are forwarded to all users. The
 395 users \fBroot\fR and \fBoperator\fR are informed of any \fBalert\fR messages.
 396 All messages from the authorization system of \fBwarning\fR level or higher are
 397 logged in the file \fB/var/log/auth\fR.
 398 
 399 .SH ATTRIBUTES
 400 .sp
 401 .LP
 402 See \fBattributes\fR(5) for descriptions of the following attributes:
 403 .sp
 404 
 405 .sp
 406 .TS
 407 box;
 408 c | c
 409 l | l .
 410 ATTRIBUTE TYPE  ATTRIBUTE VALUE
 411 _
 412 Interface Stability     Stable
 413 .TE
 414 
 415 .SH SEE ALSO
 416 .sp
 417 .LP
 418 \fBat\fR(1), \fBcrontab\fR(1), \fBlogger\fR(1), \fBlogin\fR(1), \fBlp\fR(1),
 419 \fBlpc\fR(1B), \fBlpr\fR(1B), \fBm4\fR(1), \fBcron\fR(1M), \fBgetty\fR(1M),
 420 \fBin.ftpd\fR(1M), \fBsu\fR(1M), \fBsyslogd\fR(1M), \fBsyslog\fR(3C),
 421 \fBhosts\fR(4), \fBattributes\fR(5)