Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Apropos / Subsearch:
optional field

syslog.conf(4)                   File Formats                   syslog.conf(4)

       syslog.conf - configuration file for syslogd system log daemon


       The  file  /etc/syslog.conf contains information used by the system log
       daemon, syslogd(1M), to forward a system  message  to  appropriate  log
       files  and/or  users.  syslogd  preprocesses this file through m4(1) to
       obtain the correct information for certain log files, defining  LOGHOST
       if  the address of "loghost" is the same as one of the addresses of the
       host that is running syslogd.

       A configuration entry is composed of two TAB-separated fields:

       selector       action

       The selector field contains  a  semicolon-separated  list  of  priority
       specifications of the form:

       facility.level [ ; facility.level ]

       where facility is a system facility, or comma-separated list of facili-
       ties, and level is an indication of the severity of the condition being
       logged. Recognized values for facility include:

       user            Messages  generated  by  user  processes.  This  is the
                       default priority for messages from programs or  facili-
                       ties not listed in this file.

       kern            Messages generated by the kernel.

       mail            The mail system.

       daemon          System daemons, such as in.ftpd(1M)

       auth            The  authorization system: login(1), su(1M), getty(1M),
                       among others.

       lpr             The line printer  spooling  system:  lpr(1B),  lpc(1B),
                       among others.

       news            Designated for the USENET network news system.

       uucp            Designated  for  the UUCP system; it does not currently
                       use the syslog mechanism.

       cron            Designated for cron/at messages  generated  by  systems
                       that  do logging through syslog. The current version of
                       the Solaris Operating Environment  does  not  use  this
                       facility for logging.

       audit           Designated for audit messages generated by systems that
                       audit by means of syslog.

       local0-7        Designated for local use.

       mark            For timestamp messages produced internally by syslogd.

       *               An asterisk indicates all  facilities  except  for  the
                       mark facility.

       Recognized values for level are (in descending order of severity):

       emerg           For  panic  conditions that would normally be broadcast
                       to all users.

       alert           For conditions that should  be  corrected  immediately,
                       such as a corrupted system database.

       crit            For  warnings  about  critical conditions, such as hard
                       device errors.

       err             For other errors.

       warning         For warning messages.

       notice          For conditions that are not error conditions,  but  may
                       require  special handling. A configuration entry with a
                       level value of notice must appear on a separate line.

       info            Informational messages.

       debug           For messages that are normally used only when debugging
                       a program.

       none            Do not send messages from the indicated facility to the
                       selected file. For example, a selector of


                       sends all messages except mail messages to the selected

       For  a  given facility and level, syslogd matches all messages for that
       level and all higher levels. For example, an  entry  that  specifies  a
       level of crit also logs messages at the alert and emerg levels.

       The  action  field  indicates  where to forward the message. Values for
       this field can have one of four forms:

         o  A filename, beginning with a leading slash, which  indicates  that
            messages specified by the selector are to be written to the speci-
            fied file. The file is opened in append mode if it exists. If  the
            file does not exist, logging silently fails for this action.

         o  The  name  of a remote host, prefixed with an @, as with: @server,
            which indicates that messages specified by the selector are to  be
            forwarded  to  the  syslogd  on  the  named  host.   The  hostname
            "loghost" is treated, in the default syslog.conf, as the  hostname
            given  to the machine that logs syslogd messages. Every machine is
            "loghost" by default, per the hosts database. It is also  possible
            to specify one machine on a network to be "loghost" by, literally,
            naming the machine "loghost". If the local machine  is  designated
            to  be  "loghost", then syslogd messages are written to the appro-
            priate files. Otherwise, they are sent to the machine "loghost" on
            the network.

         o  A comma-separated list of usernames, which indicates that messages
            specified by the selector are to be written to the named users  if
            they are logged in.

         o  An asterisk, which indicates that messages specified by the selec-
            tor are to be written to all logged-in users.

       Blank lines are ignored. Lines for which the first  nonwhite  character
       is a '#' are treated as comments.

       Example 1: A Sample Configuration File

       With the following configuration file:

       tab();     lw(2.750000i)     lw(2.750000i).     *.notice/var/log/notice
       mail.info/var/log/notice                        *.crit/var/log/critical
       kern,mark.debug/dev/console kern.err@server *.emerg* *.alertroot,opera-
       tor *.alert;auth.warning/var/log/auth

       syslogd(1M) logs all mail system messages except debug messages and all
       notice  (or higher) messages into a file named /var/log/notice. It logs
       all critical messages into /var/log/critical, and all  kernel  messages
       and 20-minute marks onto the system console.

       Kernel  messages of err (error) severity or higher are forwarded to the
       machine named server. Emergency messages are forwarded  to  all  users.
       The  users  root  and operator are informed of any alert messages.  All
       messages from the authorization system of warning level or  higher  are
       logged in the file /var/log/auth.

       /var/log/notice         log  of  all mail system messages (except debug
                               messages) and all messages of notice  level  or

       /var/log/critical       log of all critical messages

       /var/log/auth           log of all messages from the authorization sys-
                               tem of warning level or higher

       See attributes(5) for descriptions of the following attributes:

       tab()    allbox;    cw(2.750000i)|     cw(2.750000i)     lw(2.750000i)|
       lw(2.750000i).  ATTRIBUTE TYPEATTRIBUTE VALUE Interface StabilityStable

       at(1), crontab(1), logger(1), login(1), lp(1), lpc(1B), lpr(1B), m4(1),
       cron(1M),  getty(1M),  in.ftpd(1M),  su(1M),  syslogd(1M),  syslog(3C),
       hosts(4), attributes(5)

SunOS 5.10                        28 Jul 2004                   syslog.conf(4)