1syslog.conf(4) File Formats syslog.conf(4)
2
3
4
6 syslog.conf - configuration file for syslogd system log daemon
7
9 /etc/syslog.conf
10
11
13 The file /etc/syslog.conf contains information used by the system log
14 daemon, syslogd(1M), to forward a system message to appropriate log
15 files and/or users. syslogd preprocesses this file through m4(1) to
16 obtain the correct information for certain log files, defining LOGHOST
17 if the address of "loghost" is the same as one of the addresses of the
18 host that is running syslogd.
19
20
21 A configuration entry is composed of two TAB-separated fields:
22
23 selector action
24
25
26
27 The selector field contains a semicolon-separated list of priority
28 specifications of the form:
29
30 facility.level [ ; facility.level ]
31
32
33
34 where facility is a system facility, or comma-separated list of facili‐
35 ties, and level is an indication of the severity of the condition being
36 logged. Recognized values for facility include:
37
38 user Messages generated by user processes. This is the default
39 priority for messages from programs or facilities not
40 listed in this file.
41
42
43 kern Messages generated by the kernel.
44
45
46 mail The mail system.
47
48
49 daemon System daemons, such as in.ftpd(1M)
50
51
52 auth The authorization system: login(1), su(1M), getty(1M),
53 among others.
54
55
56 lpr The line printer spooling system: lpr(1B), lpc(1B), among
57 others.
58
59
60 news Designated for the USENET network news system.
61
62
63 uucp Designated for the UUCP system; it does not currently use
64 the syslog mechanism.
65
66
67 cron Designated for cron/at messages generated by systems that
68 do logging through syslog. The current version of the
69 Solaris Operating Environment does not use this facility
70 for logging.
71
72
73 audit Designated for audit messages generated by systems that
74 audit by means of syslog.
75
76
77 local0-7 Designated for local use.
78
79
80 mark For timestamp messages produced internally by syslogd.
81
82
83 * An asterisk indicates all facilities except for the mark
84 facility.
85
86
87
88 Recognized values for level are (in descending order of severity):
89
90 emerg For panic conditions that would normally be broadcast to all
91 users.
92
93
94 alert For conditions that should be corrected immediately, such as
95 a corrupted system database.
96
97
98 crit For warnings about critical conditions, such as hard device
99 errors.
100
101
102 err For other errors.
103
104
105 warning For warning messages.
106
107
108 notice For conditions that are not error conditions, but may
109 require special handling. A configuration entry with a level
110 value of notice must appear on a separate line.
111
112
113 info Informational messages.
114
115
116 debug For messages that are normally used only when debugging a
117 program.
118
119
120 none Do not send messages from the indicated facility to the
121 selected file. For example, a selector of
122
123 *.debug;mail.none
124
125 sends all messages except mail messages to the selected
126 file.
127
128
129
130 For a given facility and level, syslogd matches all messages for that
131 level and all higher levels. For example, an entry that specifies a
132 level of crit also logs messages at the alert and emerg levels.
133
134
135 The action field indicates where to forward the message. Values for
136 this field can have one of four forms:
137
138 o A filename, beginning with a leading slash, which indicates
139 that messages specified by the selector are to be written to
140 the specified file. The file is opened in append mode if it
141 exists. If the file does not exist, logging silently fails
142 for this action.
143
144 o The name of a remote host, prefixed with an @, as with:
145 @server, which indicates that messages specified by the
146 selector are to be forwarded to the syslogd on the named
147 host. The hostname "loghost" is treated, in the default sys‐
148 log.conf, as the hostname given to the machine that logs
149 syslogd messages. Every machine is "loghost" by default, per
150 the hosts database. It is also possible to specify one
151 machine on a network to be "loghost" by, literally, naming
152 the machine "loghost". If the local machine is designated to
153 be "loghost", then syslogd messages are written to the
154 appropriate files. Otherwise, they are sent to the machine
155 "loghost" on the network.
156
157 o A comma-separated list of usernames, which indicates that
158 messages specified by the selector are to be written to the
159 named users if they are logged in.
160
161 o An asterisk, which indicates that messages specified by the
162 selector are to be written to all logged-in users.
163
164
165 Blank lines are ignored. Lines for which the first nonwhite character
166 is a '#' are treated as comments.
167
169 Example 1 A Sample Configuration File
170
171
172 With the following configuration file:
173
174
175
176
177
178 *.notice /var/log/notice
179 mail.info /var/log/notice
180 *.crit /var/log/critical
181 kern,mark.debug /dev/console
182 kern.err @server
183 *.emerg *
184 *.alert root,operator
185 *.alert;auth.warning /var/log/auth
186
187
188
189 syslogd(1M) logs all mail system messages except debug messages and all
190 notice (or higher) messages into a file named /var/log/notice. It logs
191 all critical messages into /var/log/critical, and all kernel messages
192 and 20-minute marks onto the system console.
193
194
195
196 Kernel messages of err (error) severity or higher are forwarded to the
197 machine named server. Emergency messages are forwarded to all users.
198 The users root and operator are informed of any alert messages. All
199 messages from the authorization system of warning level or higher are
200 logged in the file /var/log/auth.
201
202
204 See attributes(5) for descriptions of the following attributes:
205
206
207
208
209 ┌─────────────────────────────┬─────────────────────────────┐
210 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
211 ├─────────────────────────────┼─────────────────────────────┤
212 │Interface Stability │Stable │
213 └─────────────────────────────┴─────────────────────────────┘
214
216 at(1), crontab(1), logger(1), login(1), lp(1), lpc(1B), lpr(1B), m4(1),
217 cron(1M), getty(1M), in.ftpd(1M), su(1M), syslogd(1M), syslog(3C),
218 hosts(4), attributes(5)
219
220
221
222SunOS 5.11 26 Apr 2006 syslog.conf(4)