Info Node: (inetutils.info)syslogd invocation
inetutils.info: syslogd invocation
Top 
ftpd invocation 
inetd invocation 
Back to Software Index
19 'syslogd': system service logging faclity
********************************************
'syslogd' is a system service that provides error logging facility.
Messages are read from the UNIX domain socket '/dev/log', from an
Internet domain socket specified in '/etc/services', and from the
special device '/dev/klog' (to read kernel messages).
'syslogd' creates the file '/var/run/syslog.pid', and stores its
process id there. This can be used to kill or reconfigure 'syslogd'.
The message sent to 'syslogd' should consist of a single line. The
message can contain a priority code, which should be a preceding decimal
number in angle braces, for example, '<5>'. This priority code should
map into the priorities defined in the include file 'sys/syslog.h'.
syslogd [OPTIONS]...
'-f FILE'
'--rcfile=FILE'
Override configuration (the default file is '/etc/syslog.conf').
'-D DIR'
'--rcdir=DIR'
Override configuration directory (the default is '/etc/syslog.d').
'--pidfile=FILE'
Override pidfile (the default file is '/var/run/syslogd.pid').
'-n'
'--no-detach'
Do not enter daemon mode.
'-d'
'--debug'
Print debug information (implies '-n').
'-p FILE'
'--socket=FILE'
Override default UNIX domain socket '/dev/log'.
'-a SOCKET'
Add UNIX socket to listen. An unlimited number of sockets is
allowed.
'-r'
'--inet'
Receive remote messages via Internet domain socket. Without this
option no remote massages are received, since there is no listening
socket. Yet sockets for forwarding are created on the fly as
needed, which might cause performance issues on busy systems.
'-b ADDRESS'
'--bind=ADDRESS'
Restrict the listening Internet domain socket to a single address.
The default (given the use of '-r') is a wildcard address, implying
that the server listens at every available address. Any name will
be resolved, and the lookup result will depend on the options '-4',
'-6', and '--ipany'.
'--no-unixaf'
Do not listen on UNIX domain sockets (overrides '-a' and '-p').
'--no-klog'
Do not listen to the kernel log device '/dev/klog'.
'--ipany'
Allow both address families: IPv4 and IPv6.
'-4'
'--ipv4'
Use only IPv4 for Internet domain sockets.
'-6'
'--ipv6'
Use only IPv6 for Internet domain sockets.
'--no-forward'
Do not forward any messages (overrides '-h'). This disables even
temporary creation of forwarding sockets, an ability which is
otherwise active when the option '-r' is left out.
'-h'
'--hop'
Forward messages from remote hosts.
'-m INTERVAL'
'--mark=INTERVAL'
Specify timestamp interval expressed in minutes (0 for no
timestamping).
'-l HOSTLIST'
Log hosts in HOSTLIST by their hostname. Multiple lists are
allowed.
'-s DOMAINLIST'
List of domains which should be stripped from the FQDN of hosts
before logging their name. Multiple lists are allowed.
19.1 Configuration file
=======================
'syslogd' reads its configuration file when it starts up and whenever it
receives a hangup signal. The 'syslog.conf' file is the main
configuration file for the 'syslogd' program. In addition, the server
looks below the directory 'syslog.d/' for further configuration files,
making it easy to arrange a common set of logging conventions in
'syslog.conf', augmented by system and service specific drop-in
configuration in 'syslog.d/'.
Each configuration file consists of lines with two fields: a
"selector" field which specifies the types of messages and priorities to
which the line applies, and an "action" field which specifies the action
to be taken if a message 'syslogd' receives matches the selection
criteria. The selector field is separated from the action field by one
or more tab or space characters. A rule can be split in several lines
if all lines except the last are terminated with a backslash '\'.
There are two exceptional forms of line content. The first is the
"tagged selector", and the second is a comment. The latter begins with
an octothorp ('#'), also called hash, and continues until end-of-line.
A tagged selector commences with an exclamation mark, as in '!name',
or with a shebang, like '#! name', and continues with a program name, a
"tag" in the sense used by 'logger'. It has the effect of applying the
following configuration rules only to messages submitted with the
specified tag. This selection remains in effect until another tag is
selected, or until it is reset by means of stating the program name as
an asterisque '*'.
The selector fields are encoded as a facility, followed by a period
('.'), and a level, with no intervening white-space. The facility as
well as the level are case insensitive.
The facility describes the part of the system generating the message,
and is one of the following keywords: 'auth', 'authpriv', 'cron',
'daemon', 'kern', 'lpr', 'mail', 'mark', 'news', 'syslog', 'user',
'uucp' and 'local0' through 'local7'. These keywords (with the
exception of 'mark') correspond to the similar 'LOG_' values specified
to the 'openlog' and 'syslog' library routines. *Note Syslog:
(libc)Syslog, for details.
The level describes the severity of the message, and is a keyword
from the following ordered list (higher to lower): 'emerg', 'alert',
'crit', 'err, warning', 'notice' and 'debug'. These keywords correspond
to the similar 'LOG_' values specified to the syslog library routine.
Note: syslog and vsyslog, for a further
descriptions of both the facility and level keywords and their
significance.
If a received message matches the specified facility and is of the
specified level (or a higher level), the action specified in the action
field will be taken.
Multiple selectors may be specified for a single action by separating
them with semicolon (';') characters. It is important to note, however,
that each selector can modify the ones preceding it.
Multiple facilities may be specified for a single level by separating
them with comma (',') characters.
An asterisk ('*') can be used to specify all facilities or all
levels. Two asterisks ('**') specifie all facilities not named
previously in the configuration file.
By default, a level applies to all messages with the same or higher
level. The equal ('=') character can be prepended to a level to
restrict this line of the configuration file to messages with the very
same level.
An exclamation mark ('!') prepended to a level or the asterisk means
that this line of the configuration file does not apply to the specified
level (and higher ones). In conjunction with the equal sign, you can
exclude single levels as well.
The special facility 'mark' receives a message at priority 'info'
every 20 minutes. This is not enabled by a facility field containing an
asterisk.
The special level 'none' disables a particular facility.
The action field of each line specifies the action to be taken when
the selector field selects a message. There are five forms:
* A pathname (beginning with a leading slash). Selected messages are
appended to the file.
You may prepend a minus ('-') to the path to omit syncing the file
after each message log. This can cause data loss at system
crashes, but increases performance for programs which use logging
extensively.
* A named pipe, beginning with a vertical bar ('|') followed by a
pathname. The pipe must be created with 'mkfifo' before 'syslogd'
reads its configuration file. This feature is especially useful
for debugging.
* A hostname (preceded by an at ('@') sign). Selected messages are
forwarded to 'syslogd' on the named host.
* A comma separated list of users. Selected messages are written to
those users if they are logged in.
* An asterisk. Selected messages are written to all logged-in users.
Blank lines and lines whose first non-blank character is a hash
('#') character are ignored.
A configuration file might appear as follows:
# Log all kernel messages, authentication messages of
# level notice or higher and anything of level err or
# higher to the console.
# Don't log private authentication messages!
*.err;kern.*;auth.notice;authpriv.none /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Everybody gets emergency messages, plus log them on another
# machine.
*.emerg *
*.emerg @arpa.berkeley.edu
# Root and Eric get alert and higher messages.
*.alert root,eric
# Simplify security auditing, by collecting sudo uses.
! sudo
*.info /var/log/sudo
# Collect time server reports.
#! ntpd
*.* /var/log/ntpd
# Stop selecting on message tags.
!*
# Save mail and news errors of level err and higher in a
# special file.
uucp,news.crit /var/log/spoolerr
The effects of multiple selectors are sometimes not intuitive. For
example 'mail.crit,*.err' will select the 'mail' facility messages at
the level of 'err' or higher, not at the level of 'crit' or higher.
automatically generated by info2www version 1.2