Introduction to Linux: syslog in Linux

Source: Internet
Author: User

Syslog is the default logging daemon on Linux. Its default configuration file is /etc/syslog.conf. Programs, daemons, and the kernel all supply system log information. Any program that wishes to generate log information can call the syslog interface to do so.

Almost all network devices can send log information to a remote server through the syslog protocol. The remote server listens on UDP port 514 through syslogd, processes what it receives according to the configuration in /etc/syslog.conf, accepts the system log information, and writes the specified events to specific files for back-end database management and response. This means that any event can be logged to one or more servers, so that a back-end database can analyze events from the remote devices offline.

/etc/syslog.conf uses the format facility.level action, where facility.level is the selector. The selector is two fields separated by a period: the first field is a service (the facility) and the second is a priority (the level). The selector is in effect a classification of message types, which lets different types of messages be sent to different places. The same syslog configuration may contain more than one selector, but they must be separated by semicolons. The action field is very flexible. In particular, a pipe can be used so that the information syslogd produces is post-processed.

The facility is the function that produced the message, as syslog sees it. kern is kernel information, which is delivered through klogd; user is user processes; mail is mail; daemon is background processes; authpriv is authorization information; syslog is the system log itself; lpr is printing information; news is newsgroup information; uucp is information generated by uucp; cron is scheduled task information; and mark is used internally by syslog to generate timestamps. local0 through local7 are for use by custom programs, for example using local5 to represent ssh. * means all facilities except mark.

The level is the priority of the message. emerg (or panic) means the system is unusable; alert means a condition that must be corrected immediately; crit means an error condition that prevents some tools or subsystems from functioning; err means an error condition that blocks part of a tool or subsystem; warning is a warning message; notice is an ordinary message; and info is an informational message.
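The selector matching described above, as an added example that is not code from the original article or from syslogd: a simplified Python model that reports which actions receive a message logged as facility.level, useful for checking where authpriv or kernel messages end up. It assumes the classic sysklogd rules that a level matches that priority and higher and that "none" excludes a facility; the sample configuration, its file paths and the host name loghost.example are constructed.

```python
# Added example (not syslogd's code): simplified model of syslog.conf selectors.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]  # low -> high
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed sample configuration; paths and host name are placeholders.
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none     /var/log/messages
authpriv.*                         /var/log/secure
mail,news.err                      /var/log/mailnews.err
kern.crit;local5.notice            @loghost.example
"""

def rank(level):
    return LEVELS.index(ALIASES.get(level, level))

def parse(conf):
    """Return a list of (selectors, action); each selector is (facilities, level)."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, action = line.split(None, 1)
        selectors = []
        for sel in selector_field.split(";"):
            facilities, level = sel.rsplit(".", 1)
            selectors.append((facilities.split(","), level))
        rules.append((selectors, action.strip()))
    return rules

def route(rules, facility, level):
    """Actions that receive a message logged as facility.level."""
    actions = []
    for selectors, action in rules:
        matched = False
        for facilities, sel_level in selectors:
            if facility not in facilities and ("*" not in facilities or facility == "mark"):
                continue  # selector does not name this facility ("*" never covers mark)
            if sel_level == "none":
                matched = False  # a later selector removes the facility from this action
            elif sel_level == "*" or rank(level) >= rank(sel_level):
                matched = True  # assumed sysklogd rule: the given level or higher
        if matched:
            actions.append(action)
    return actions

if __name__ == "__main__":
    for fac, lvl in [("authpriv", "info"), ("mail", "crit"), ("kern", "emerg")]:
        print(f"{fac}.{lvl} -> {route(parse(SAMPLE_CONF), fac, lvl)}")
```

The `=` and `!` level prefixes that some syslogd versions accept are left out of this model.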

The syslog daemon is started by the /etc/rc.d/init.d/syslog script, which by default passes no options. If you want to run a log server, you must start it as syslogd -r. By default, syslogd does not accept messages from remote systems. When the -r option is specified, syslogd listens for UDP packets on port 514.

If you want the log server to forward the log messages it receives, use the -h option. Without it, syslogd ignores the /etc/syslog.conf entries that would have it send log messages from one remote system on to another.

Changes to the configuration file take effect only after syslogd is restarted. You can use /etc/rc.d/init.d/syslog restart.
