@(#)syslog.8 1.2 11/14/82
syslog - log systems messages /etc/syslog [ -m N ] [ -f name ] [ -d ] Syslog reads a datagram socket and logs each line it reads into a set of files described by the configuration file /etc/syslog.conf. Syslog configures when it starts up and whenever it receives a hangup signal.

Each message is one line. A message can contain a priority code, marked by a digit in angle braces at the beginning of the line. Priorities are defined in <syslog.h>, as follows:

this priority should essentially never be used. It applies only to messages that are so important that every user should be aware of them, e.g., a serious hardware failure. messages of this priority should be issued only when immediate attention is needed by a qualified system person, e.g., when some valuable system resource dissappears. They get sent to a list of system people. Emergency messages are not sent to users, but represent major conditions. An example might be hard disk failures. These could be logged in a separate file so that critical conditions could be easily scanned. these represent error conditions, such as soft disk failures, etc. such messages contain critical information, but which can not be classed as errors, for example, 'su' attempts. Messages of this priority and higher are typically logged on the system console. issued when an abnormal condition has been detected, but recovery can take place. something that falls in the class of "important information"; this class is informational but important enough that you don't want to throw it away casually. Messages without any priority assigned to them are typically mapped into this priority. information level messages. These messages could be thrown away without problems, but should be included if you want to keep a close watch on your system. it may be useful to log certain debugging information. Normally this will be thrown away.

It is expected that the kernel will not log anything below LOG_ERR priority.

The configuration file is in two sections separated by a blank line. The first section defines files that syslog will log into. Each line contains a single digit which defines the lowest priority (highest numbered priority) that this file will receive, an optional asterisk which guarantees that something gets output at least every 20 minutes, and a pathname. The second part of the file contains a list of users that will be informed on SALERT level messages. For example, the configuration file:

 5*/dev/tty8
 8/usr/spool/adm/syslog
 3/usr/adm/critical

 eric
 kridle
 kalash

logs all messages of priority 5 or higher onto the system console, including timing marks every 20 minutes; all messages of priority 8 or higher into the file /usr/spool/adm/syslog; and all messages of priority 3 or higher into /usr/adm/critical. The users ``eric'', ``kridle'', and ``kalash'' will be informed on any subalert messages.

The flags are:

Set the mark interval to N (default 20 minutes). Specify an alternate configuration file. Turn on debugging (if compiled in).

To bring syslog down, it should be sent a terminate signal. It logs that it is going down and then waits approximately 30 seconds for any additional messages to come in.

There are some special messages that cause control functions. ``<*>N'' sets the default message priority to N. ``<$>'' causes syslog to reconfigure (equivalent to a hangup signal). This can be used in a shell file run automatically early in the morning to truncate the log.

Syslog creates the file /etc/syslog.pid if possible containing a single line with its process id. This can be used to kill or reconfigure syslog.

Syslog can also be compiled to use mpx (2) files instead of datagrams if you are running V7. In this case it creates and reads the file /dev/log.

/etc/syslog.conf - the configuration file

/etc/syslog.pid - the process id

/dev/log - under V7, the mpx file

LOG_ALERT and LOG_SUBALERT messages should only be allowed to privileged programs.

Actually, syslog is not clever enough to deal with kernel error messages in the current implementation.

syslog(3)