Syslog

Revision as of Monday, 21 December 2015 at 02:30 UTC

Quick notes

Anatomy of /etc/syslog.conf

Two parts: A selector and an action.

Selector

Facility

* auth (Security events get logged with this)
* authpriv (user access messages use this)
* cron (atd and crond daemons)
* daemon (other daemon programs without a facility of their own)
* kern (kernel messages)
* lpr (printing subsystem)
* mail (mail system)
* mark (used by syslogd to produce timestamps in log files)
* news (news system)
* syslog (internal syslog messages)
* user (for user programs)
* uucp
* local0 – local7 (any use; RH uses local7 for boot messages)
* * (for all)

Priority

* emerg (system unavailable)
* alert (immediate action required)
* crit (critical condition)
* err (error)
* warning (what it says)
* notice (normal but significant)
* info (normal)
* debug (debugging info)

(Importance, descending)

Action

* /complete/path/of/some/file
* /dev/console
* -/complete/path/of/some/file (Don't flush file each time; better performance but risks loss of some log info.)
* username1[,username2 ...]
* * (all logged in users)
* @remotehost.org
* |/path/to/named/pipe (To send output to a command you must create a named pipe, say /var/lib/cmd.pipe with the mkfifo command. Then start the command with cmd </var/lib/cmd.pipe.)

Notes & Examples
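
An added example, not part of the original notes: a small shell checker that shows which actions a message with a given facility.priority would reach, useful for confirming that auth and authpriv events land where you expect. The sample rules are constructed. It assumes traditional syslogd matching (a selector takes its priority and everything more important, `none` excludes a facility), that the last selector naming a facility on a line decides, and it does not handle the `=` or `!` extensions.

```shell
#!/bin/sh
# Constructed sample rules (not from the page): "selector action" per line.
SAMPLE_CONF='*.info;mail.none;authpriv.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
*.emerg *
kern.warning @remotehost.org'

# Rank of a priority name: 0 = emerg (most important) ... 7 = debug.
# "*" ranks with debug so that a "*" priority selects everything.
sev() {
  case $1 in
    emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
    warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug|'*') echo 7 ;;
    *) return 1 ;;
  esac
}

# selector_matches SELECTORS FACILITY PRIORITY
# Exit status 0 if a message with that facility and priority is selected.
# Runs in a subshell, so the IFS and globbing changes stay local.
selector_matches() (
  IFS=';'; set -f
  result=1
  for sel in $1; do
    facs=${sel%.*} pri=${sel##*.}
    case ",$facs," in
      *",$2,"* | *",*,"*) ;;   # facility listed, or "*" for all
      *) continue ;;
    esac
    # Assumption: the last selector naming the facility decides.
    if [ "$pri" = none ]; then result=1
    elif [ "$(sev "$3")" -le "$(sev "$pri")" ]; then result=0
    else result=1
    fi
  done
  exit "$result"
)

# route FACILITY.PRIORITY: print the action of every sample rule selecting it.
route() {
  printf '%s\n' "$SAMPLE_CONF" | while read -r selectors action; do
    if selector_matches "$selectors" "${1%.*}" "${1#*.}"; then
      printf '%s\n' "$action"
    fi
  done
}

route authpriv.notice
```

With the sample rules, authpriv.notice reaches only /var/log/secure because `authpriv.none` removes it from the catch-all line.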

Logger

I use this to quickly test/view a facility or priority:

 logger [-p facility.priority] [-t tag] message

Sources