Provided by: sysklogd_1.5-6ubuntu1_amd64 bug

NAME

       syslog.conf - syslogd(8) configuration file

DESCRIPTION

       The  syslog.conf  file  is  the  main  configuration file for syslogd(8) which logs system
       messages on *nix systems.  This file specifies rules for logging.   For  special  features
       see the sysklogd(8) manpage.

       Every rule consists of two fields, a selector field and an action field.  These two fields
       are separated by one or more spaces or tabs.  The selector field specifies  a  pattern  of
       facilities and priorities belonging to the specified action.

       Lines starting with a hash mark (``#'') and empty lines are ignored.

       This release of syslogd is able to understand an extended syntax.  One rule can be divided
       into several lines if the leading line is terminated with an backslash (``\'').

SELECTORS

       The selector field consists of two parts, a facility and a priority, separated by a period
       (``.'').   Both  parts  are  case insensitive and can also be specified as decimal numbers
       corresponding to the definitions in <syslog.h>.  It is obviously safer to  use  the  names
       than  the  numbers.  Both facilities and priorities are described in syslog(3).  The names
       mentioned below correspond to the similar LOG_-values in <syslog.h>.

       The facility is one of the following keywords: auth, authpriv, cron,  daemon,  ftp,  kern,
       lpr,  mail,  mark,  news,  security  (same as auth), syslog, user, uucp and local0 through
       local7.  The keyword security is  deprecated  and  mark  is  only  for  internal  use  and
       therefore  should  not be used in applications.  The facility specifies the subsystem that
       produced the message, e.g. all mail programs log with the mail facility (LOG_MAIL) if they
       log using syslog.

       In  most  cases  anyone  can log to any facility, so we rely on convention for the correct
       facility to be chosen.  However, generally only the kernel can log to the "kern" facility.
       This  is  because  the  implementation  of  openlog() and syslog() in glibc does not allow
       logging to the "kern" facility.   Klogd  circumvents  this  restriction  when  logging  to
       syslogd by reimplementing those functions itself.

       The  priority  is  one of the following keywords, in ascending order: debug, info, notice,
       warning, warn (same as warning), err, error (same as err), crit, alert, emerg, panic (same
       as  emerg).   The  keywords  warn,  error  and panic are deprecated and should not be used
       anymore.  The priority defines the severity of the message

       The behavior of the original BSD syslogd is that all messages of  the  specified  priority
       and  higher  are  logged according to the given action.  This syslogd(8) behaves the same,
       but has some extensions.

       In addition to  the  above  mentioned  names  the  syslogd(8)  understands  the  following
       extensions:  An asterisk (``*'') stands for all facilities or all priorities, depending on
       where it is used (before or after the period).  The keyword none stands for no priority of
       the given facility.

       Multiple  facilities may be specified for a single priority pattern in one statement using
       the comma (``,'') operator to separate the facilities.  You may specify as many facilities
       as  you  want.   Remember  that  only  the facility part from such a statement is taken, a
       priority  part  would  be  skipped.   For  example,  it  means  that  instead  of  writing
       "kern.info,auth.info" you just write "kern,auth.info", skipping the 1st ".info".

       Multiple  selectors  may  be  specified  for  a  single action using the semicolon (``;'')
       separator.  In this case the selectors  are  processed  from  left  to  right,  with  each
       selector  being able to overwrite the preceding ones.  Using this behavior you can exclude
       some priorities from the pattern.

       This syslogd(8) has a syntax extension to the original BSD source,  which  makes  its  use
       more  intuitive.   You may precede every priority with an equation sign (``='') to specify
       that syslogd should only refer to this single priority  and  not  this  priority  and  all
       higher priorities.

       You  may also precide the priority with an exclamation mark (``!'') if you want syslogd to
       ignore this priority and all higher priorities.  You may even use  both,  the  exclamation
       mark  and  the  equation sign if you want syslogd to ignore only this single priority.  If
       you use both extensions than the exclamation mark must occur  before  the  equation  sign,
       just use it intuitively.

ACTIONS

       The  action  field  of a rule describes the abstract term ``logfile''.  A ``logfile'' need
       not to be a real file, btw.  The syslogd(8) provides the following actions.

   Regular File
       Typically messages are logged to real files.  The file must be specified  as  an  absolute
       pathname.

       You  may  prefix each entry with a minus sign (``-'') to avoid syncing the file after each
       log message.  Note that you might lose information if the system  crashes  right  after  a
       write  attempt.  Nevertheless this might give you back some performance, especially if you
       run programs that use logging in a very verbose manner.

   Named Pipes
       This version of syslogd(8) has support for logging output  to named pipes (fifos).  A fifo
       or  named  pipe  can be used as a destination for log messages by prepending a pipe symbol
       (``|'') to the name of the file.  This is handy for debugging.  Note that the fifo must be
       created with the mkfifo(1) command  before syslogd(8) is started.

   Terminal and Console
       If the file you specified is a tty, special tty-handling is done, same with /dev/console.

   Remote Machine
       This  syslogd(8)  provides  full remote logging, i.e. is able to send messages to a remote
       host running syslogd(8) and to receive messages from remote hosts.  The remote host  won't
       forward  the message again, it will just log them locally.  To forward messages to another
       host, prepend the hostname with the at sign (``@'').

       Using this feature you're able to collect all syslog messages on a  single  host,  if  all
       other machines will log remotely to that.  This reduces administration needs.

   List of Users
       Usually  critical messages are also directed to ``root'' on that machine.  You can specify
       a list of users that shall get the message by simply writing  their  usernames.   You  may
       specify  more  than  one user by separating the usernames with commas (``,'').  If they're
       logged in they will receive the log messages.

   Everyone logged on
       Emergency messages often go to all users currently online to notify  them  that  something
       strange  is  happening  with  the system.  To specify this wall(1)-feature use an asterisk
       (``*'').

EXAMPLES

       Here are some examples, partially taken from  a  real  existing  site  and  configuration.
       Hopefully they answer all questions about configuring syslogd(8), if not, drop me (Joey) a
       line.

              # Store critical stuff in critical
              #
              *.=crit;kern.none            /var/adm/critical

       This will store all messages of priority crit in  the  file  /var/adm/critical,  with  the
       exception of any kernel messages.

              # Kernel messages are stored in the kernel file,
              # critical messages and higher ones also go
              # to another host and to the console
              #
              kern.*                       /var/adm/kernel
              kern.crit                    @finlandia
              kern.crit                    /dev/console
              kern.info;kern.!err          /var/adm/kernel-info

       The   first   rule  directs  any  message  that  has  the  kernel  facility  to  the  file
       /var/adm/kernel.  (But recall that only the kernel itself can log to this facility.)

       The second statement directs all kernel messages of priority crit and higher to the remote
       host finlandia.  This is useful, because if the host crashes and the disks get irreparable
       errors you might not be able to read the stored messages.  If they're on  a  remote  host,
       too, you still can try to find out the reason for the crash.

       The  third rule directs kernel messages of priority crit and higher to the actual console,
       so the person who works on the machine will get them, too.

       The fourth line tells the syslogd to save all kernel messages that  come  with  priorities
       from info up to warning in the file /var/adm/kernel-info.

       This  is  an  example  of  the  2nd selector overwriting part of the first one.  The first
       selector selects kernel messages of priority info and higher.  The second selector filters
       out  kernel  messages  of  priority  error  and higher.  This leaves just priorities info,
       notice and warning to get logged.

              # The tcp wrapper logs with mail.info, we display
              # all the connections on tty12
              #
              mail.=info                   /dev/tty12

       This directs  all  messages  that  use  mail.info  (in  source  LOG_MAIL  |  LOG_INFO)  to
       /dev/tty12,  the  12th  console.   For  example  the  tcpwrapper  tcpd(8) uses this as its
       default.

              # Write all mail related logs to a file
              #
              mail.*;mail.!=info           /var/adm/mail

       This pattern matches all messages that come with the mail facility, except  for  the  info
       priority.  These will be stored in the file /var/adm/mail.

              # Log all mail.info and news.info messages to info
              #
              mail,news.=info              /var/adm/info

       This will extract all messages that come either with mail.info or with news.info and store
       them in the file /var/adm/info.

              # Log info and notice messages to messages file
              #
              *.=info;*.=notice;\
                   mail.none  /var/log/messages

       This lets the syslogd log all messages that come  with  either  the  info  or  the  notice
       priority  into  the  file  /var/log/messages,  except  for  all messages that use the mail
       facility.

              # Log info messages to messages file
              #
              *.=info;\
                   mail,news.none       /var/log/messages

       This statement causes the syslogd to log all messages that come with the info priority  to
       the  file  /var/log/messages.   But  any  message  coming either with the mail or the news
       facility will not be stored.

              # Emergency messages will be displayed using wall
              #
              *.=emerg                     *

       This rule tells the syslogd to write all emergency messages to  all  currently  logged  in
       users.  This is the wall action.

              # Messages of the priority alert will be directed
              # to the operator
              #
              *.alert                      root,joey

       This  rule  directs  all  messages  of  priority  alert  or higher to the terminals of the
       operator, i.e. of the users ``root'' and ``joey'' if they're logged in.

              *.*                          @finlandia

       This rule would redirect all messages to a remote host called finlandia.  This  is  useful
       especially  in  a cluster of machines where all syslog messages will be stored on only one
       machine.

CONFIGURATION FILE SYNTAX DIFFERENCES

       Syslogd uses a slightly different syntax for its configuration file than the original  BSD
       sources.   Originally  all messages of a specific priority and above were forwarded to the
       log file.  The modifiers ``='', ``!''  and ``-'' were  added  to  make  the  syslogd  more
       flexible and to use it in a more intuitive manner.

       The  original BSD syslogd doesn't understand spaces as separators between the selector and
       the action field.

FILES

       /etc/syslog.conf
              Configuration file for syslogd

BUGS

       The  effects  of  multiple  selectors  are   sometimes   not   intuitive.    For   example
       ``mail.crit,*.err''  will  select  ``mail''  facility  messages at the level of ``err'' or
       higher, not at the level of ``crit'' or higher.

       Also, if you specify a selector with an exclamation mark in it which isn't preceded  by  a
       corresponding  selector without an exclamation mark, nothing will be logged.  Intuitively,
       the selector ``ftp.!alert'' on its own will select all ftp messages with  priorities  less
       than  alert.   In  fact it selects nothing.  Similarly ``ftp.!=alert'' might reasonably be
       expected to select all ftp messages other than those with priority  alert,  but  again  it
       selects  nothing.   It  seems  the selectors with exclamation marks in them should only be
       used as `filters' following selectors without exclamation marks.

       Finally, using a backslash to divide a line into two doesn't work if the backslash is used
       immediately after the end of the selector, without intermediate whitespace.

SEE ALSO

       sysklogd(8), klogd(8), logger(1), syslog(2), syslog(3).

AUTHORS

       The  syslogd  is taken from BSD sources, Greg Wettstein <greg@wind.enjellic.com> performed
       the port to Linux, Martin Schulze <joey@infodrom.org> fixed some bugs, added  several  new
       features and took over maintenance.