syslog.conf is the configuration file for the syslog daemon syslogd. It controls which messages the syslog daemon writes to which logging files.
The file consists of blocks which are separated by program specifications. Each line defined in a block contains two specifications:
The selector specification selects messages on the basis of their type and priority.
The action specification defines the action which the syslog daemon is to execute for the messages selected with the selector specification.
The selector specification is separated from the action specification by at least one tabulator character or blank.
When blanks are used, the compatibility of your configuration file with other Unix-type systems is not guaranteed if the latter only permit tabulator characters.
program specification
A program specification introduces a block which controls the logging of messages only for programs which are defined in this program specification. A block at the start of the syslog.conf file without a preceding program specification controls logging for any programs.
Syntax
[#]![+|-]program[,program] ... |
Indicates the program specification. The optional specification of # is supported for compatibility reasons.
Positive or negative selection (default: positive) In the case of positive selection (+) the specifications contained in the current block are evaluated only for messages of programs which are included in the program specification,
Program name or * (asterisk for all programs) When syslog() is called, a check is made to see whether the specified name (or one of the specified names) matches the ident specification of the openlog() function of the program from which the syslog() call is made. |
selector specification
The selector specification is used to select the messages for which the actions defined in the action specification are to be executed. The selector specification is structured as follows (without blanks):
- facility specification
- Dot (.)
- Optional negation
- Optional relational operands
- priority specification
Syntax
facility.[[!] [=>|>=|>|=|<|=<|<=]]priority |
Only messages which are sent by the specified part of the system are selected. The following specifications are possible: auth, cron, daemon, lpr, mail, mark, news, syslog, user, uucp, local0 through local7 and *. These keywords (with the exception of mark) match the LOG_ values from /usr/include/sys/syslog.h which can be specified in the openlog() function. The special facility specification mark causes so-called MARK messages to be written periodically (default: every 20 minutes, see the -m option of the syslog daemon on "syslogd - syslog daemon for logging system messages ") to the logging file. The specification * (asterisk) stands for any facility specifications except for mark. The facility specification is case-sensitive.
Negation. The following specification (relational operator and priority) is logically inverted.
The relational operators together with the subsequent priority specification select the messages on the basis of their priority. |
Only messages whose priority is the same as the specified priority (or, depending on the relational operator, higher or lower) are selected. The following specifications are possible (beginning with the highest and ending with the lowest error weight: alert, crit, err, warning, notice, info and debug. The special priority specification none causes the facility specification concerned to be excluded from the action defined. The priority specification * (asterisk) selects all priorities. The priority specification is case-sensitive. A selector specification can contain more than one facility specification and also more than one priority specification. Each of these is separated by a comma (","). Multiple selector specifications can also be combined with one action specification. Each of these is then separated by a semicolon (";"). Here it is important to note that each selector specification can modify the definition which was specified beforehand. |
action specification
The action specification defines which actions are executed for the messages which were selected with the selector specification and which match the program specification of the current block. The action specification has the following structure:
Syntax
[-]pathname |
After each message has been written, fsync() is called, i.e. messages are synchronized explicitly. By default messages are not synchronized explicitly.
The messages are logged (attached) to the file with the specified path name. The path name must be specified with a / (slash) as the first character. Output of the messages to other destinations such as command pipes, terminals or remote computers is, in contrast to other syslogd implementations, not supported. |
Comments
Comments are introduced by a hash mark (#). The characters in the line, including the #, are ignored, except in the case of program specifications. Empty lines and lines which contain only blanks or tabulator characters ahead of the first hash mark are totally ignored. The comment function of the # character can be canceled with \ (backslash).
File
/etc/syslog.conf
Configuration file for syslogd
BS2000
The following features are not supported and are rejected with a console message:
Logging from and to remote hosts (remote syslog daemons)
Logging to command pipes or user terminals
When logging to a BS2000 file (bs2fs file) it must be noted that the bs2fs file system in which this file resides must alredy be mounted when the syslog daemon starts. The automatic mount can be used for this purpose by means of an entry in /etc/vfstab, e.g.:
/etc/vfstab :FR07:$SYSROOT.POSIX.SYSLOG* - /var/adm/SYSROOT bs2fs 1 yes ftyp=text /etc/syslog.conf *.* /var/adm/SYSROOT/POSIX.SYSLOG
The following special aspects must be taken into account here:
The syslog daemon is started under the BS2000 user ID SYSROOT. The bs2fs files must therefore reside in this user ID.
From the BS2000 viewpoint the current logging file remains locked until the syslog daemon has been terminated or until logrotate. Until this has happened it can only be read from POSIX.
Example 1
All messages are output to the /var /adm/syslog file. With the exception of mail messages, messages with the weight err or higher and all authentication messages with the weight notice or higher are also output to the BS2000 CONSLOG file.
*.* /var/adm/syslog *.err;auth.notice;mail.none /dev/conslog
Example 2
With the exception of mail messages and authentication messages, all messages with the weight info or higher are output to the file.
*.info;mail.none;auth.none /var/adm/syslog
Example 3
Daemon messages (only) with the weight debug are output to the file.
daemon.=debug /var/adm/daemon.debug
Example 4
Mail messages and authentication messages are output to specific files. All other messages are output to the syslog file.
*.*;auth.none;mail.none /var/adm/syslog mail.* /var/adm/maillog auth.* /var/adm/authlog
Example 5
Mail and news messages with the weight err and higher are output to the file.
mail,news.err /var/adm/mailerr
Example 6
Messages of the postfix program are output to the mail logging file.
!postfix *.* /var/adm/maillog
Example 7
Messages of the named and dnsd programs are output to a separate file, and this is synchronized with fcync() after each individual message.
!named,dnsd *.* -/var/adm/dnslog
Example 8
MARK messages are logged.
mark.* /var/adm/syslog