1 '\" te 2 .\" Copyright (c) 2013 Gary Mills 3 .\" Copyright (c) 2003 Sun Microsystems, Inc. All Rights Reserved. 4 .\" Copyright (c) 1983 Regents of the University of California. All rights reserved. The Berkeley software License Agreement specifies the terms and conditions for redistribution. 5 .TH SYSLOG.CONF 4 "Nov 19, 2013" 6 .SH NAME 7 syslog.conf \- configuration file for syslogd system log daemon 8 .SH SYNOPSIS 9 .LP 10 .nf 11 \fB/etc/syslog.conf\fR 12 .fi 13 14 .SH DESCRIPTION 15 .sp 16 .LP 17 The file \fB/etc/syslog.conf\fR contains information used by the system log 18 daemon, \fBsyslogd\fR(1M), to forward a system message to appropriate log files 19 and/or users. \fBsyslogd\fR preprocesses this file through \fBm4\fR(1) to 20 obtain the correct information for certain log files, defining \fBLOGHOST\fR if 21 the address of "loghost" is the same as one of the addresses of the host that 22 is running \fBsyslogd\fR. 23 .sp 24 .LP 25 A configuration entry is composed of two TAB-separated fields: 26 .sp 27 .in +2 28 .nf 29 \fIselector action\fR 30 .fi 31 .in -2 32 33 .sp 34 .LP 35 The \fIselector\fR field contains a semicolon-separated list of priority 36 specifications of the form: 37 .sp 38 .in +2 39 .nf 40 \fIfacility\fR\fB\&.\fR\fIlevel\fR [ \fB;\fR \fIfacility\fR\fB\&.\fR\fIlevel\fR ] 41 .fi 42 .in -2 43 44 .sp 45 .LP 46 where \fIfacility\fR is a system facility, or comma-separated list of 47 facilities, and \fIlevel\fR is an indication of the severity of the condition 48 being logged. 49 The presence of a facility name only implies that it is available. 50 Each individual service determines which facility it will use for logging. 51 In particular, many facilities are only useful for \fBsyslog\fR messages 52 that are forwarded from other operating systems. 53 Recognized values for \fIfacility\fR include: 54 .sp 55 .ne 2 56 .na 57 \fB\fBkern\fR\fR 58 .ad 59 .RS 12n 60 Messages generated by the kernel. 61 .RE 62 63 .sp 64 .ne 2 65 .na 66 \fB\fBuser\fR\fR 67 .ad 68 .RS 12n 69 Messages generated by user processes. This is the default priority for messages 70 from programs or facilities not listed in this file. 71 .RE 72 73 .sp 74 .ne 2 75 .na 76 \fB\fBmail\fR\fR 77 .ad 78 .RS 12n 79 The mail system. 80 .RE 81 82 .sp 83 .ne 2 84 .na 85 \fB\fBdaemon\fR\fR 86 .ad 87 .RS 12n 88 Various system daemons. 89 .RE 90 91 .sp 92 .ne 2 93 .na 94 \fB\fBauth\fR\fR 95 .ad 96 .RS 12n 97 The authorization system: \fBlogin\fR(1), \fBsu\fR(1M), \fBgetty\fR(1M), among 98 others. 99 .RE 100 101 .sp 102 .ne 2 103 .na 104 \fB\fBlpr\fR\fR 105 .ad 106 .RS 12n 107 The line printer spooling system: \fBlpr\fR(1B), \fBlpc\fR(1B), among others. 108 .RE 109 110 .sp 111 .ne 2 112 .na 113 \fB\fBnews\fR\fR 114 .ad 115 .RS 12n 116 Designated for the USENET network news system. 117 .RE 118 119 .sp 120 .ne 2 121 .na 122 \fB\fBuucp\fR\fR 123 .ad 124 .RS 12n 125 Designated for the UUCP system; it does not currently use the \fBsyslog\fR 126 mechanism. 127 .RE 128 129 .sp 130 .ne 2 131 .na 132 \fB\fBaltcron\fR\fR 133 .ad 134 .RS 12n 135 Designated for the BSD cron/at system. 136 .RE 137 138 .sp 139 .ne 2 140 .na 141 \fB\fBauthpriv\fR\fR 142 .ad 143 .RS 12n 144 Designated for the BSD security/authorization system. 145 .RE 146 147 .sp 148 .ne 2 149 .na 150 \fB\fBftp\fR\fR 151 .ad 152 .RS 12n 153 Designated for the file transfer system. 154 The current version of \fBin.ftpd\fR(1M) does not use this facility 155 for logging. 156 .RE 157 158 .sp 159 .ne 2 160 .na 161 \fB\fBntp\fR\fR 162 .ad 163 .RS 12n 164 Designated for the network time system. 165 .RE 166 167 .sp 168 .ne 2 169 .na 170 \fB\fBaudit\fR\fR 171 .ad 172 .RS 12n 173 Designated for audit messages generated by systems that audit by means of 174 syslog. 175 .RE 176 177 .sp 178 .ne 2 179 .na 180 \fB\fBconsole\fR\fR 181 .ad 182 .RS 12n 183 Designated for the BSD console system. 184 .RE 185 186 .sp 187 .ne 2 188 .na 189 \fB\fBcron\fR\fR 190 .ad 191 .RS 12n 192 Designated for \fBcron\fR/\fBat\fR messages generated by systems that do 193 logging through \fBsyslog\fR. 194 The current versions of \fBcron\fR and \fBat\fR do not use this facility 195 for logging. 196 .RE 197 198 .sp 199 .ne 2 200 .na 201 \fB\fBlocal0-7\fR\fR 202 .ad 203 .RS 12n 204 Designated for local use. 205 .RE 206 207 .sp 208 .ne 2 209 .na 210 \fB\fBmark\fR\fR 211 .ad 212 .RS 12n 213 For timestamp messages produced internally by \fBsyslogd\fR. 214 .RE 215 216 .sp 217 .ne 2 218 .na 219 \fB\fB*\fR\fR 220 .ad 221 .RS 12n 222 An asterisk indicates all facilities except for the \fBmark\fR facility. 223 .RE 224 225 .sp 226 .LP 227 Recognized values for \fIlevel\fR are (in descending order of severity): 228 .sp 229 .ne 2 230 .na 231 \fB\fBemerg\fR\fR 232 .ad 233 .RS 11n 234 For panic conditions that would normally be broadcast to all users. 235 .RE 236 237 .sp 238 .ne 2 239 .na 240 \fB\fBalert\fR\fR 241 .ad 242 .RS 11n 243 For conditions that should be corrected immediately, such as a corrupted system 244 database. 245 .RE 246 247 .sp 248 .ne 2 249 .na 250 \fB\fBcrit\fR\fR 251 .ad 252 .RS 11n 253 For warnings about critical conditions, such as hard device errors. 254 .RE 255 256 .sp 257 .ne 2 258 .na 259 \fB\fBerr\fR\fR 260 .ad 261 .RS 11n 262 For other errors. 263 .RE 264 265 .sp 266 .ne 2 267 .na 268 \fB\fBwarning\fR\fR 269 .ad 270 .RS 11n 271 For warning messages. 272 .RE 273 274 .sp 275 .ne 2 276 .na 277 \fB\fBnotice\fR\fR 278 .ad 279 .RS 11n 280 For conditions that are not error conditions, but may require special handling. 281 A configuration entry with a \fIlevel\fR value of \fBnotice\fR must appear on a 282 separate line. 283 .RE 284 285 .sp 286 .ne 2 287 .na 288 \fB\fBinfo\fR\fR 289 .ad 290 .RS 11n 291 Informational messages. 292 .RE 293 294 .sp 295 .ne 2 296 .na 297 \fB\fBdebug\fR\fR 298 .ad 299 .RS 11n 300 For messages that are normally used only when debugging a program. 301 .RE 302 303 .sp 304 .ne 2 305 .na 306 \fB\fBnone\fR\fR 307 .ad 308 .RS 11n 309 Do not send messages from the indicated \fIfacility\fR to the selected file. 310 For example, a \fIselector\fR of 311 .sp 312 \fB*.debug;mail.none\fR 313 .sp 314 sends all messages \fIexcept\fR mail messages to the selected file. 315 .RE 316 317 .sp 318 .LP 319 For a given \fIfacility\fR and \fIlevel\fR, \fBsyslogd\fR matches all messages 320 for that level and all higher levels. For example, an entry that specifies a 321 level of \fBcrit\fR also logs messages at the \fBalert\fR and \fBemerg\fR 322 levels. 323 .sp 324 .LP 325 The \fIaction\fR field indicates where to forward the message. Values for this 326 field can have one of four forms: 327 .RS +4 328 .TP 329 .ie t \(bu 330 .el o 331 A filename, beginning with a leading slash, which indicates that messages 332 specified by the \fIselector\fR are to be written to the specified file. The 333 file is opened in append mode if it exists. If the file does not exist, logging 334 silently fails for this action. 335 .RE 336 .RS +4 337 .TP 338 .ie t \(bu 339 .el o 340 The name of a remote host, prefixed with an \fB@\fR, as with: 341 \fB@\fR\fIserver\fR, which indicates that messages specified by the 342 \fIselector\fR are to be forwarded to the \fBsyslogd\fR on the named host. The 343 hostname "loghost" is treated, in the default \fBsyslog.conf\fR, as the 344 hostname given to the machine that logs \fBsyslogd\fR messages. Every machine 345 is "loghost" by default, per the hosts database. It is also possible to specify 346 one machine on a network to be "loghost" by, literally, naming the machine 347 "loghost". If the local machine is designated to be "loghost", then 348 \fBsyslogd\fR messages are written to the appropriate files. Otherwise, they 349 are sent to the machine "loghost" on the network. 350 .RE 351 .RS +4 352 .TP 353 .ie t \(bu 354 .el o 355 A comma-separated list of usernames, which indicates that messages specified by 356 the \fIselector\fR are to be written to the named users if they are logged in. 357 .RE 358 .RS +4 359 .TP 360 .ie t \(bu 361 .el o 362 An asterisk, which indicates that messages specified by the \fIselector\fR are 363 to be written to all logged-in users. 364 .RE 365 .sp 366 .LP 367 Blank lines are ignored. Lines for which the first nonwhite character is 368 a '\fB#\fR' are treated as comments. 369 .SH EXAMPLES 370 .LP 371 \fBExample 1 \fRA Sample Configuration File 372 .sp 373 .LP 374 With the following configuration file: 375 376 .sp 377 378 .sp 379 .TS 380 l l 381 l l . 382 \fB*.notice\fR \fB/var/log/notice\fR 383 \fBmail.info\fR \fB/var/log/notice\fR 384 \fB*.crit\fR \fB/var/log/critical\fR 385 \fBkern,mark.debug\fR \fB/dev/console\fR 386 \fBkern.err\fR \fB@server\fR 387 \fB*.emerg\fR \fB*\fR 388 \fB*.alert\fR \fBroot,operator\fR 389 \fB*.alert;auth.warning\fR \fB/var/log/auth\fR 390 .TE 391 392 .sp 393 .LP 394 \fBsyslogd\fR(1M) logs all mail system messages except \fBdebug\fR messages and 395 all \fBnotice\fR (or higher) messages into a file named \fB/var/log/notice\fR. 396 It logs all critical messages into \fB/var/log/critical\fR, and all kernel 397 messages and 20-minute marks onto the system console. 398 399 .sp 400 .LP 401 Kernel messages of \fBerr\fR (error) severity or higher are forwarded to the 402 machine named \fBserver\fR. Emergency messages are forwarded to all users. The 403 users \fBroot\fR and \fBoperator\fR are informed of any \fBalert\fR messages. 404 All messages from the authorization system of \fBwarning\fR level or higher are 405 logged in the file \fB/var/log/auth\fR. 406 407 .SH ATTRIBUTES 408 .sp 409 .LP 410 See \fBattributes\fR(5) for descriptions of the following attributes: 411 .sp 412 413 .sp 414 .TS 415 box; 416 c | c 417 l | l . 418 ATTRIBUTE TYPE ATTRIBUTE VALUE 419 _ 420 Interface Stability Stable 421 .TE 422 423 .SH SEE ALSO 424 .sp 425 .LP 426 \fBat\fR(1), \fBcrontab\fR(1), \fBlogger\fR(1), \fBlogin\fR(1), \fBlp\fR(1), 427 \fBlpc\fR(1B), \fBlpr\fR(1B), \fBm4\fR(1), \fBcron\fR(1M), \fBgetty\fR(1M), 428 \fBin.ftpd\fR(1M), \fBsu\fR(1M), \fBsyslogd\fR(1M), \fBsyslog\fR(3C), 429 \fBhosts\fR(4), \fBattributes\fR(5)