1.\" Copyright (c) 1990, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)syslog.conf.5 8.1 (Berkeley) 6/9/93
|
33.\" $Id$ |
34.\" 35.Dd June 9, 1993 36.Dt SYSLOG.CONF 5 37.Os 38.Sh NAME 39.Nm syslog.conf 40.Nd 41.Xr syslogd 8 42configuration file 43.Sh DESCRIPTION 44The
|
44.Nm syslog.conf
|
45.Nm |
46file is the configuration file for the 47.Xr syslogd 8 48program. 49It consists of 50blocks of lines separated by 51.Em program 52specifications, 53with each line containing two fields: the 54.Em selector 55field which specifies the types of messages and priorities to which the 56line applies, and an 57.Em action 58field which specifies the action to be taken if a message 59.Xr syslogd 60receives matches the selection criteria. 61The 62.Em selector 63field is separated from the 64.Em action 65field by one or more tab characters. 66.Pp 67The 68.Em Selectors 69function 70are encoded as a 71.Em facility ,
|
71a period (``.''), and a
|
72a period 73.Pq Dq \&. , 74and a |
75.Em level , 76with no intervening white-space. 77Both the 78.Em facility 79and the 80.Em level 81are case insensitive. 82.Pp 83The 84.Em facility 85describes the part of the system generating the message, and is one of
|
83the following keywords: auth, authpriv, cron, daemon, kern, lpr, mail,
|
86the following keywords: auth, authpriv, cron, daemon, ftp, kern, lpr, mail, |
87mark, news, syslog, user, uucp and local0 through local7. 88These keywords (with the exception of mark) correspond to the 89similar 90.Dq Dv LOG_ 91values specified to the 92.Xr openlog 3 93and 94.Xr syslog 3 95library routines. 96.Pp 97The 98.Em level 99describes the severity of the message, and is a keyword from the 100following ordered list (higher to lower): emerg, alert, crit, err, 101warning, notice, info and debug. 102These keywords correspond to the 103similar
|
101.Pq Dv LOG_
|
104.Dq Dv LOG_ |
105values specified to the 106.Xr syslog 107library routine. 108.Pp 109Each block of lines is separated from the previous block by a tag. The tag 110is a line beginning with 111.Em #!prog 112or 113.Em !prog 114(the former is for compatibility with the previous syslogd, if one is sharing 115syslog.conf files, for example) 116and each block will be associated with calls to syslog from that specific 117program. 118.Pp 119See 120.Xr syslog 3 121for a further descriptions of both the 122.Em facility 123and 124.Em level 125keywords and their significance. It's preferred that selections be made on 126.Em facility 127rather than 128.Em program , 129since the latter can easily vary in a networked environment. In some cases, 130though, an appropriate 131.Em facility
|
129simply doesn't exist (for example,
130.Em ftpd
131logs under LOG_DAEMON along with a myriad other programs).
|
132simply doesn't exist. |
133.Pp 134If a received message matches the specified 135.Em facility 136and is of the specified 137.Em level 138.Em (or a higher level) , 139and the first word in the message after the date matches the 140.Em program , 141the action specified in the 142.Em action 143field will be taken. 144.Pp 145Multiple 146.Em selectors 147may be specified for a single 148.Em action
|
148by separating them with semicolon (``;'') characters.
|
149by separating them with semicolon 150.Pq Dq \&; 151characters. |
152It is important to note, however, that each 153.Em selector 154can modify the ones preceding it. 155.Pp 156Multiple 157.Em facilities 158may be specified for a single 159.Em level
|
157by separating them with comma (``,'') characters.
|
160by separating them with comma 161.Pq Dq \&, 162characters. |
163.Pp
|
159An asterisk (``*'') can be used to specify all
|
164An asterisk 165.Pq Dq * 166can be used to specify all |
167.Em facilities 168all 169.Em levels 170or all 171.Em programs . 172.Pp 173The special 174.Em facility
|
168``mark'' receives a message at priority ``info'' every 20 minutes
|
175.Dq mark 176receives a message at priority 177.Dq info 178every 20 minutes |
179(see 180.Xr syslogd 8 ) . 181This is not enabled by a 182.Em facility 183field containing an asterisk. 184.Pp 185The special 186.Em level
|
177``none'' disables a particular
|
187.Dq none 188disables a particular |
189.Em facility . 190.Pp 191The 192.Em action 193field of each line specifies the action to be taken when the 194.Em selector 195field selects a message. 196There are five forms: 197.Bl -bullet 198.It 199A pathname (beginning with a leading slash). 200Selected messages are appended to the file. 201.It
|
191A hostname (preceded by an at (``@'') sign).
|
202A hostname (preceded by an at 203.Pq Dq @ 204sign). |
205Selected messages are forwarded to the 206.Xr syslogd 207program on the named host. 208.It 209A comma separated list of users. 210Selected messages are written to those users 211if they are logged in. 212.It 213An asterisk. 214Selected messages are written to all logged-in users. 215.It
|
203A vertical bar (``|''), followed by a command to pipe the selected
|
216A vertical bar 217.Pq Dq \&| , 218followed by a command to pipe the selected |
219messages to. The command is passed to a 220.Pa /bin/sh 221for evaluation, so usual shell metacharacters or input/output 222redirection can occur. (Note however that redirecting 223.Xr stdio 3 224buffered output from the invoked command can cause additional delays, 225or even lost output data in case a logging subprocess exited with a 226signal.) The command itself runs with 227.Em stdout 228and 229.Em stderr 230redirected to 231.Pa /dev/null . 232Upon receipt of a 233.Dv SIGHUP ,
|
219.Nm syslogd
|
234.Nm |
235will close the pipe to the process. If the process didn't exit 236voluntarily, it will be sent a 237.Dv SIGTERM 238signal after a grace period of up to 40 seconds. 239.Pp 240The command will only be started once data arrives that should be piped 241to it. If it exited later, it will be restarted as necessary. 242.Pp 243Unless the command is a full pipeline, it's probably useful to 244start the command with 245.Em exec 246so that the invoking shell process does not wait for the command to 247complete. Warning: the process is started under the UID invoking 248.Xr syslogd 8 , 249normally the superuser. 250.El 251.Pp
|
237Blank lines and lines whose first non-blank character is a hash (``#'')
|
252Blank lines and lines whose first non-blank character is a hash 253.Pq Dq # |
254character are ignored. 255.Sh EXAMPLES 256.Pp 257A configuration file might appear as follows: 258.Bd -literal 259# Log all kernel messages, authentication messages of 260# level notice or higher and anything of level err or 261# higher to the console. 262# Don't log private authentication messages! 263*.err;kern.*;auth.notice;authpriv.none /dev/console 264 265# Log anything (except mail) of level info or higher. 266# Don't log private authentication messages! 267*.info;mail.none;authpriv.none /var/log/messages 268 269# The authpriv file has restricted access. 270authpriv.* /var/log/secure 271 272# Log all the mail messages in one place. 273mail.* /var/log/maillog 274 275# Everybody gets emergency messages, plus log them on another 276# machine. 277*.emerg * 278*.emerg @arpa.berkeley.edu 279 280# Root and Eric get alert and higher messages. 281*.alert root,eric 282 283# Save mail and news errors of level err and higher in a 284# special file. 285uucp,news.crit /var/log/spoolerr 286 287# Pipe all authentication messages to a filter. 288auth.* |exec /usr/local/sbin/authfilter 289 290# Save ftpd transactions along with mail and news 291!ftpd 292*.* /var/log/spoolerr 293.Ed 294.Sh FILES 295.Bl -tag -width /etc/syslog.conf -compact 296.It Pa /etc/syslog.conf 297The 298.Xr syslogd 8 299configuration file. 300.El 301.Sh BUGS 302The effects of multiple selectors are sometimes not intuitive.
|
287For example ``mail.crit,*.err'' will select ``mail'' facility messages at
288the level of ``err'' or higher, not at the level of ``crit'' or higher.
|
303For example 304.Dq mail.crit,*.err 305will select 306.Dq mail 307facility messages at the level of 308.Dq err 309or higher, not at the level of 310.Dq crit 311or higher. |
312.Sh SEE ALSO 313.Xr syslog 3 , 314.Xr syslogd 8
|