Copyright (c) 1990 The Regents of the University of California.
All rights reserved.

%sccs.include.redist.man%

@(#)syslog.conf.5 5.2 (Berkeley) 09/30/90

C 7 syslog.conf - syslogd configuration file Syslog.conf is the configuration file for the syslogd (8) program. It consists of lines with two fields: the selector field which specifies the types of messages and priorities to which the line applies, and an action field which specifies the action to be taken if a message syslogd receives matches the selection criteria. The selector field is separated from the action field by one or more tab characters.

Selectors are encoded as a facility , a period (``.''), and a level , with no intervening white-space. Both the facility and the level are case insensitive.

The facility describes the part of the system generating the message, and is one of the following keywords: auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, uucp and local0 through local7. These keywords (with the exception of mark) correspond to the similar ``LOG_'' values specified to the openlog and syslog library routines.

The level describes the severity of the message, and is a keyword from the following ordered list (higher to lower): emerg, alert, crit, err, warning, notice and debug. These keywords correspond to the similar ``LOG_'' values specified to the syslog library routine.

See syslog (3) for a further descriptions of both the facility and level keywords and their significance.

If a received message matches the specified facility and is of the specified level "(or a higher level)" , the action specified in the action field will be taken.

Multiple selectors may be specified for a single action by separating them with semicolon (``;'') characters. It is important to note, however, that each selector can modify the ones preceding it.

Multiple facilities may be specified for a single level by separating them with comma (``,'') characters.

An asterisk (``*'') can be used to specify all facilities or all levels .

The special facility ``mark'' receives a message at priority ``info'' every 20 minutes (see syslogd (8)). This is not enabled by a facility field containing an asterisk.

The special level ``none'' disables a particular facility .

The action field of each line specifies the action to be taken when the selector field selects a message. There are four forms:

A pathname (beginning with a leading slash). Selected messages are appended to the file. A hostname (preceded by an at (``@'') sign). Selected messages are forwarded to the syslogd program on the named host. A comma separated list of users. Selected messages are written to those users if they are logged in. An asterisk. Selected messages are written to all logged-in users.

Blank lines and lines whose first non-blank character is a hash (``#'') character are ignored.

A configuration file might appear as follows:

# Log all kernel messages, authentication messages of
# level notice or higher and anything of level err or
# higher to the console.
# Don't log private authentication messages!
*.err;kern.*;auth.notice;authpriv.none /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* /var/log/maillog

# Everybody gets emergency messages, plus log them on another
# machine.
*.emerg *
*.emerg @arpa.berkeley.edu

# Root and Eric get alert and higher messages.
*.alert root,eric

# Save mail and news errors of level err and higher in a
# special file.
uucp,news.crit /var/log/spoolerr

/etc/syslog.conf syslogd(8) configuration file The effects of multiple selectors are sometimes not intuitive. For example ``mail.crit,*.err'' will select ``mail'' facility messages at the level of ``err'' or higher, not at the level of ``crit'' or higher. syslog(3), syslogd(8)