SYSLOG(8) System Manager's Manual SYSLOG(8)
syslog - log systems messages
/etc/syslog [ -mN ] [ -fname ] [ -d ]
Syslog reads a datagram socket and logs each line it reads into a set
of files described by the configuration file /etc/syslog.conf. Syslog
configures when it starts up and whenever it receives a hangup signal.
Each message is one line. A message can contain a priority code,
marked by a digit in angle braces at the beginning of the line. Prior-
ities are defined in <syslog.h>, as follows:
LOG_ALERT this priority should essentially never be used. It
applies only to messages that are so important that every
user should be aware of them, e.g., a serious hardware
LOG_SALERT messages of this priority should be issued only when imme-
diate attention is needed by a qualified system person,
e.g., when some valuable system resource dissappears.
They get sent to a list of system people.
LOG_EMERG Emergency messages are not sent to users, but represent
major conditions. An example might be hard disk failures.
These could be logged in a separate file so that critical
conditions could be easily scanned.
LOG_ERR these represent error conditions, such as soft disk fail-
LOG_CRIT such messages contain critical information, but which can
not be classed as errors, for example, `su' attempts.
Messages of this priority and higher are typically logged
on the system console.
LOG_WARNING issued when an abnormal condition has been detected, but
recovery can take place.
LOG_NOTICE something that falls in the class of ``important informa-
tion''; this class is informational but important enough
that you don't want to throw it away casually. Messages
without any priority assigned to them are typically mapped
into this priority.
LOG_INFO information level messages. These messages could be
thrown away without problems, but should be included if
you want to keep a close watch on your system.
LOG_DEBUG it may be useful to log certain debugging information.
Normally this will be thrown away.
It is expected that the kernel will not log anything below LOG_ERR pri-
The configuration file is in two sections separated by a blank line.
The first section defines files that syslog will log into. Each line
contains a single digit which defines the lowest priority (highest num-
bered priority) that this file will receive, an optional asterisk which
guarantees that something gets output at least every 20 minutes, and a
pathname. The second part of the file contains a list of users that
will be informed on SALERT level messages. For example, the configura-
logs all messages of priority 5 or higher onto the system console,
including timing marks every 20 minutes; all messages of priority 8 or
higher into the file /usr/spool/adm/syslog; and all messages of prior-
ity 3 or higher into /usr/adm/critical. The users ``eric'', ``kri-
dle'', and ``kalash'' will be informed on any subalert messages.
The flags are:
-m Set the mark interval to N (default 20 minutes).
-f Specify an alternate configuration file.
-d Turn on debugging (if compiled in).
To bring syslog down, it should be sent a terminate signal. It logs
that it is going down and then waits approximately 30 seconds for any
additional messages to come in.
There are some special messages that cause control functions. ``<*>N''
sets the default message priority to N. ``<$>'' causes syslog to
reconfigure (equivalent to a hangup signal). This can be used in a
shell file run automatically early in the morning to truncate the log.
Syslog creates the file /etc/syslog.pid if possible containing a single
line with its process id. This can be used to kill or reconfigure sys-
/etc/syslog.conf - the configuration file
/etc/syslog.pid - the process id
LOG_ALERT and LOG_SUBALERT messages should only be allowed to privi-
Actually, syslog is not clever enough to deal with kernel error mes-
sages in the current implementation.
4th Berkeley Distribution SYSLOG(8)