syslog is the default logging daemon on a Linux system, and its default configuration file is /etc/syslog.conf. Programs, daemons and the kernel all provide log information about access to the system, and any program that wants to produce log messages can do so through a call to the syslog interface.
Almost all network devices can send their log messages to a remote server over UDP using the syslog protocol; on the server, syslogd listens on UDP port 514. It processes incoming messages according to /etc/syslog.conf, accepting them and writing the specified events to particular files, where a backend database can manage them and respond. This means that any event can be logged to one or more servers, and the backend database can then analyze the remote device's events offline.
Each line of /etc/syslog.conf has the form facility.level action. The facility.level part is the selection criterion; it consists of two fields separated by a period, the first naming a facility (the service that produced the message) and the second a priority. The selection criterion is effectively a message type, which makes it easy to send different types of messages to different places. More than one selection criterion is allowed on the same line, separated by semicolons. The action field is very flexible, in particular because a pipe can be used to have syslogd pass messages to another program for post-processing.
The facility names the part of the system that syslog can distinguish: kern is kernel information, which arrives through klogd; user is a user process; mail is the mail system; daemon is a background process; authpriv is authorization information; syslog is the system log itself; lpr is the printing system; news is newsgroup information; uucp is information generated by UUCP; cron is the scheduler and its tasks; and mark is used internally by syslog to generate timestamps. local0 through local7 are for custom programs, for example using local5 for SSH, and * means all facilities except mark.
The level is the priority of the message: emerg or panic means the system is unusable; alert is a condition that requires immediate action; crit is an error condition that prevents some tool or subsystem from functioning; err is an error condition that prevents part of a tool's or subsystem's functionality; warning is a warning message; notice is a normal message; and info is an informational message.
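As an added illustration that is not code from the original tutorial, the following Python script models how syslogd evaluates the facility.level selectors described above against a constructed syslog.conf, including semicolon-separated selectors, the none level and the rule that * excludes mark. The facility and level names follow sysklogd, the = and ! priority modifiers are deliberately not modelled, and the hostname loghost and the file paths are placeholders.

```python
"""Model of sysklogd-style syslog.conf selector matching (added example, not from the page).
Rules modelled: selectors on one line are joined by ';'; a selector is facility.level and the
facility part may be a ','-separated list; facility '*' is every facility except mark;
a level selects that priority and all more severe ones; 'none' discards the facility even
if an earlier selector on the same line enabled it. The '=' and '!' modifiers are not modelled."""

LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "mark"] + [f"local{i}" for i in range(8)]

def parse_rule(line):
    """Return ({facility: set of accepted levels}, action) for one rule line."""
    selectors, action = line.split(None, 1)   # selector(s), then tab/space, then action
    mask = {}
    for selector in selectors.split(";"):
        fac, _, lvl = selector.partition(".")
        lvl = ALIASES.get(lvl, lvl)
        facs = [f for f in FACILITIES if f != "mark"] if fac == "*" else fac.split(",")
        for f in facs:
            if lvl == "none":
                mask[f] = set()                   # explicit exclusion wins
            elif lvl == "*":
                mask[f] = set(LEVELS)
            else:                                 # this priority and everything above
                mask.setdefault(f, set()).update(LEVELS[LEVELS.index(lvl):])
    return mask, action.strip()

def route(config, facility, level):
    """List the actions a message of the given facility and level is delivered to."""
    level = ALIASES.get(level, level)
    targets = []
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                              # skip blank and comment lines
        mask, action = parse_rule(line)
        if level in mask.get(facility, set()):
            targets.append(action)
    return targets

# Constructed sample configuration; "loghost" is a placeholder central log server.
SAMPLE_CONF = """\
kern.*\t/dev/console
*.info;mail.none;authpriv.none\t/var/log/messages
authpriv.*\t/var/log/secure
mail.*\t/var/log/maillog
local5.notice\t@loghost
*.emerg\t*
"""
```

For example, route(SAMPLE_CONF, "authpriv", "info") yields only /var/log/secure, because authpriv.none removes that facility from the /var/log/messages rule.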
The syslog daemon is started by the /etc/rc.d/init.d/syslog script, which passes no options by default. To run a log server, syslogd must be started with -r, because by default syslogd does not accept messages from remote systems. When -r is given, syslogd listens for UDP packets arriving on port 514.
If you also want the log server to forward log messages, use the -h flag. By default syslogd ignores /etc/syslog.conf entries that would make it forward log messages received from one remote system to another system.
Changes to the configuration file take effect only after syslogd is restarted, which can be done with /etc/rc.d/init.d/syslog restart.
A tutorial on getting started with syslog in Linux